From bf3daba5d0967f28e8d6e7b4c65d141824e28d10 Mon Sep 17 00:00:00 2001
From: rob <rob@openbsd.org>
Date: Sat, 11 Aug 2018 04:31:57 +0000
Subject: [PATCH] Prevent server side overflow for message id in snmp header.

ok sthen@, tb@
---
 usr.sbin/snmpctl/snmpclient.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/snmpctl/snmpclient.c b/usr.sbin/snmpctl/snmpclient.c
index 902985d7544..dd0ab231b5d 100644
--- a/usr.sbin/snmpctl/snmpclient.c
+++ b/usr.sbin/snmpctl/snmpclient.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: snmpclient.c,v 1.16 2018/08/08 18:50:38 rob Exp $	*/
+/*	$OpenBSD: snmpclient.c,v 1.17 2018/08/11 04:31:57 rob Exp $	*/
 
 /*
  * Copyright (c) 2013 Reyk Floeter <reyk@openbsd.org>
@@ -407,7 +407,7 @@ snmpc_sendreq(struct snmpc *sc, unsigned int type)
 		erroridx = SNMPC_MAXREPETITIONS;
 
 	/* SNMP header */
-	sc->sc_msgid = arc4random();
+	sc->sc_msgid = arc4random() & 0x7fffffff;
 	if ((root = ber_add_sequence(NULL)) == NULL)
 		return (-1);
 	if ((b = ber_printf_elements(root, "ds{tddd{{O0}}",
-- 
2.20.1