varbind was designed to allow both a ber NULL and a NULL pointer for

value. The ber NULL case is there for when it was received via a PDU.
The NULL pointer case can happen if application.c runs into a timeout
or when a backend runs into problems.

The NULL pointer case however was overlooked in appl_varbind_valid and
results in an "missing value" error, (needlessly) terminating the
connection to the backend.

Found the hard way by Mischa Peters while stress testing agentx support
for vmd.

OK tb@, sthen@

diff --git a/usr.sbin/snmpd/application.c b/usr.sbin/snmpd/application.c
index 479f44e..fe7b992 100644 (file)
--- a/usr.sbin/snmpd/application.c
+++ b/usr.sbin/snmpd/application.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: application.c,v 1.15 2022/08/31 09:19:22 martijn Exp $        */
+/*     $OpenBSD: application.c,v 1.16 2022/09/13 10:22:07 martijn Exp $        */
 
 /*
  * Copyright (c) 2021 Martijn van Duren <martijn@openbsd.org>
@@ -1170,8 +1170,11 @@ appl_varbind_valid(struct appl_varbind *varbind, struct appl_varbind *request,
        int eomv = 0;
 
        if (varbind->av_value == NULL) {
-               *errstr = "missing value";
-               return 0;
+               if (!null) {
+                       *errstr = "missing value";
+                       return 0;
+               }
+               return 1;
        }
        if (varbind->av_value->be_class == BER_CLASS_UNIVERSAL) {
                switch (varbind->av_value->be_type) {