From b4db9877991212cb21f1bf8ac961f5ec3d4f4f1d Mon Sep 17 00:00:00 2001
From: Micael Karlberg <bmk@erlang.org>
Date: Fri, 2 Dec 2011 15:20:16 +0100
Subject: [snmp] Maximum number of varbinds in a Get-BULK response

As a means to prevent DoS, maximum number of varbinds
in a Get-BULK response has been limited.
Also, made some changes to the worker process "API".
OTP-9700.
---
 lib/snmp/src/agent/snmpa_supervisor.erl | 40 +++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)

(limited to 'lib/snmp/src/agent/snmpa_supervisor.erl')

diff --git a/lib/snmp/src/agent/snmpa_supervisor.erl b/lib/snmp/src/agent/snmpa_supervisor.erl
index 5ef5914e18..7a9c214e0d 100644
--- a/lib/snmp/src/agent/snmpa_supervisor.erl
+++ b/lib/snmp/src/agent/snmpa_supervisor.erl
@@ -176,8 +176,8 @@ init([AgentType, Opts]) ->
       "~n   AgentType: ~p"
       "~n   Opts:      ~p", [AgentType, Opts]),
 
-    put(sname, asup),
-    put(verbosity,get_verbosity(Opts)),
+    put(sname,     asup),
+    put(verbosity, get_verbosity(Opts)),
 
     ?vlog("starting",[]),
 
@@ -203,7 +203,12 @@ init([AgentType, Opts]) ->
     Vsns = get_opt(versions, Opts, [v1,v2,v3]),
     ?vdebug("[agent table] store versions: ~p",[Vsns]),
     ets:insert(snmp_agent_table, {versions, Vsns}),
-    
+
+    %% -- Max number of VBs in a Get-BULK response --
+    GbMaxVBs = get_gb_max_vbs(Opts),
+    ?vdebug("[agent table] Get-BULK max VBs: ~p", [GbMaxVBs]),
+    ets:insert(snmp_agent_table, {gb_max_vbs, GbMaxVBs}),
+
     %% -- DB-directory --
     DbDir = get_opt(db_dir, Opts),
     ?vdebug("[agent table] store db_dir: ~n   ~p",[DbDir]),
@@ -377,7 +382,8 @@ init([AgentType, Opts]) ->
 		     {versions,               Vsns},
 		     {net_if,                 NiOpts},
 		     {mib_server,             MibsOpts},
-		     {note_store,             NsOpts}|
+		     {note_store,             NsOpts},
+		     {gb_max_vbs,             GbMaxVBs} |
 		     get_opt(master_agent_options, Opts, [])],
 		     
 		AgentSpec =
@@ -542,6 +548,32 @@ get_verbosity(Opts) ->
 get_agent_type(Opts) ->
     get_opt(agent_type, Opts, master).
 
+
+%% We validate this option! This should really be done for all
+%% options, but it is beyond the scope of this ticket, OTP-9700.
+
+get_gb_max_vbs(Opts) ->
+    Validate = 
+	fun(GbMaxVBs) 
+	   when ((is_integer(GbMaxVBs) andalso (GbMaxVBs > 0)) orelse
+		 (GbMaxVBs =:= infinity)) ->
+		ok;
+	   (_) ->
+		error
+	end,
+    get_option(gb_max_vbs, ?DEFAULT_GB_MAX_VBS, Validate, Opts).
+
+get_option(Key, Default, Validate, Opts) 
+  when is_list(Opts) andalso is_function(Validate) ->
+    Value = get_opt(Key, Opts, Default),
+    case Validate(Value) of
+	ok ->
+	    Value;
+	error ->
+	    exit({bad_option, Key, Value})
+    end.
+    
+
 get_opt(Key, Opts) ->
     snmp_misc:get_option(Key, Opts).
 
-- 
cgit v1.2.3