Hi,
This is in reference to SNMP4J version 3.6.4. If this is indeed a valid bug, it would be a very rare one, but I figured you might want to take a look. It was noticed while looking at code… Not due to any real-world problem, so maybe I’m wrong.
In BER.decodeUnsignedInteger() line 760, it correctly limits data to 4 bytes and accounts for a possible leading zero:
    if ((length > 5) || ((length > 4) && (b != 0x00))) {
        throw new IOException("Only 32bit unsigned integers are supported" +
                              getPositionMessage(is));
    }
But in BER.decodeUnsignedInt64() line 919, it would allow a 9-byte value, forgetting to verify if the extra byte is a leading zero. I think there would be no runtime error… The value would be the last 8 bytes, but essentially corrupt?
    if (length > 9) {
        throw new IOException("Invalid 64bit unsigned integer length: " + length +
                              getPositionMessage(is));
    }
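The difference between the two checks, as an added example that is not part of the original post and is not SNMP4J's code: the class `Counter64LengthCheck` and its `decode` method are hypothetical stand-ins, and the shift-and-or accumulation is an assumption that follows the post's description of the value ending up as the last 8 bytes.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

// Added illustration; a simplified stand-in, not SNMP4J's BER class.
public class Counter64LengthCheck {

    // Reads the content octets of an unsigned 64-bit integer whose BER length
    // has already been parsed. strict=false applies only the "length > 9"
    // check quoted in the post; strict=true also requires the leading octet
    // of a 9-octet value to be 0x00, mirroring the 32-bit check.
    static long decode(InputStream is, int length, boolean strict) throws IOException {
        if (length < 1 || length > 9) {
            throw new IOException("Invalid 64bit unsigned integer length: " + length);
        }
        long value = 0;
        for (int i = 0; i < length; i++) {
            int b = is.read();
            if (b < 0) {
                throw new IOException("Unexpected end of input");
            }
            if (strict && length == 9 && i == 0 && b != 0x00) {
                throw new IOException("Leading octet of a 9-octet value must be 0x00");
            }
            // With 9 octets, the first one is shifted out of the 64-bit long.
            value = (value << 8) | b;
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples, 9 content octets each.
        byte[] padded = {0x00, (byte) 0xFF, 0, 0, 0, 0, 0, 0, 0x01}; // in range, leading zero
        byte[] tooBig = {0x01, 0, 0, 0, 0, 0, 0, 0, 0x2A};           // 2^64 + 42, out of range

        // In-range value passes the strict check.
        System.out.println(Long.toUnsignedString(decode(new ByteArrayInputStream(padded), 9, true)));
        // Length-only check: the out-of-range value decodes without an error.
        System.out.println(Long.toUnsignedString(decode(new ByteArrayInputStream(tooBig), 9, false)));
        // Strict check: the same octets are rejected.
        try {
            decode(new ByteArrayInputStream(tooBig), 9, true);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```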