Problem description:
SNMPv2 defines a new type "Unsinged32", which is mapped to Gauge32 in ASN1 encoding. Scotty is using the TnmBerEncInt function to encode INTEGER COUNTER32 GAUGE32 and TIMETICK, however, while INTEGER can take negative value, the other 3 type cannot, Within TnmBerEncInt, the code remove leading 0s and 1s if the first 9 bits are either all 0s or all 1s. This works correctly if the value is an INTEGER, however, if the value is COUNTER32/GAUGE32/TIMETICK, the code actually changes the value to be encoded. Because TnmBerEncInt is not told the type of the value, it should NOT remove any leading 1s, as this may be a negative number or a large possible number.
Symptom:
TnmBerEncInt incorrectly encode any Unsigned32/COUNTER32/GAUGE32/TIMETICK value greater than 4286578687, of cause, normal user will not see this problem with COUNTER32/GAUGE32/TIMETICK, as user would not normally set the value of a MIB variable with these types. However, Since the underlying ASN1 type for Unsigned32 is actually Gauge32, user will typically see this problem when he/she try to set a Unsigned32 variable to a value greater than or equal to 4286578688 (binary 11111111 10000000 00000000 00000000)
Quick fix:
In TnmBerEncInt() from file tnmAsn1.c line 469
change:
while ((((value & mask) == 0)
|| ((value & mask) == mask )) && intsize > 1) {
intsize--;
value <<= 8;
}
to
while (((value & mask) == 0) && intsize > 1) {
intsize--;
value <<= 8;
}
Hope I have not cause other problem by doing this (I tested the fix, it seems to be working)
/Simon
-- !! This message is brought to you via the `tkined & scotty' mailing list. !! Please do not reply to this message to unsubscribe. To subscribe or !! unsubscribe, send a mail message to <tkined-request@ibr.cs.tu-bs.de>. !! See http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/ for more information.