From 5fd2bbf0554685fe2e5a6ec8df2f6bf9c224696d Mon Sep 17 00:00:00 2001
From: martijn <martijn@openbsd.org>
Date: Tue, 24 Oct 2023 08:48:41 +0000
Subject: [PATCH] Make sure that unpacking of an AgentX OID doesn't contain
 more than 128 elements.

OK tb@
---
 lib/libagentx/ax.c  | 4 +++-
 usr.sbin/snmpd/ax.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/libagentx/ax.c b/lib/libagentx/ax.c
index 4f963224855..5e1b0e0c195 100644
--- a/lib/libagentx/ax.c
+++ b/lib/libagentx/ax.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ax.c,v 1.8 2021/10/24 17:43:38 martijn Exp $ */
+/*	$OpenBSD: ax.c,v 1.9 2023/10/24 08:48:41 martijn Exp $ */
 /*
  * Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
  *
@@ -1262,6 +1262,8 @@ ax_pdutooid(struct ax_pdu_header *header, struct ax_oid *oid,
 	}
 	buf++;
 	oid->aoi_include = *buf;
+	if (oid->aoi_idlen > AX_OID_MAX_LEN)
+		goto fail;
 	for (buf += 2; i < oid->aoi_idlen; i++, buf += 4)
 		oid->aoi_id[i] = ax_pdutoh32(header, buf);
 
diff --git a/usr.sbin/snmpd/ax.c b/usr.sbin/snmpd/ax.c
index 63add683efe..418e931d94f 100644
--- a/usr.sbin/snmpd/ax.c
+++ b/usr.sbin/snmpd/ax.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ax.c,v 1.1 2022/08/23 08:56:20 martijn Exp $ */
+/*	$OpenBSD: ax.c,v 1.2 2023/10/24 08:48:41 martijn Exp $ */
 /*
  * Copyright (c) 2019 Martijn van Duren <martijn@openbsd.org>
  *
@@ -1442,6 +1442,8 @@ ax_pdutooid(struct ax_pdu_header *header, struct ax_oid *oid,
 	}
 	buf++;
 	oid->aoi_include = *buf;
+	if (oid->aoi_idlen > AX_OID_MAX_LEN)
+		goto fail;
 	for (buf += 2; i < oid->aoi_idlen; i++, buf += 4)
 		oid->aoi_id[i] = ax_pdutoh32(header, buf);
 
-- 
2.20.1