From ec18aedff106daf06c769cf501dd888251cf8e0a Mon Sep 17 00:00:00 2001
From: hno <>
Date: Mon, 14 Aug 2000 03:18:09 +0000
Subject: [PATCH] The snmp_community ACL check segfaulted if Squid failed to
 parse the SNMP query. We might want to backport this to 2.3, and release it
 as a patch as this can be used to DOS anyone with SNMP enabled and using the
 snmp_community ACL.

A workaround is to base access controls purely on the source address
instead of using a community.
---
 src/snmp_core.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/snmp_core.cc b/src/snmp_core.cc
index efc02e6a25..8d34164276 100644
--- a/src/snmp_core.cc
+++ b/src/snmp_core.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: snmp_core.cc,v 1.44 2000/06/27 22:06:04 hno Exp $
+ * $Id: snmp_core.cc,v 1.45 2000/08/13 21:18:09 hno Exp $
  *
  * DEBUG: section 49    SNMP support
  * AUTHOR: Glenn Chisholm
@@ -512,7 +512,8 @@ snmpDecodePacket(snmp_request_t * rq)
     checklist.src_addr = rq->from.sin_addr;
     checklist.snmp_community = (char *) Community;
 
-    allow = aclCheckFast(Config.accessList.snmp, &checklist);
+    if (Community)
+	allow = aclCheckFast(Config.accessList.snmp, &checklist);
     if ((snmp_coexist_V2toV1(PDU)) && (Community) && (allow)) {
 	rq->community = Community;
 	rq->PDU = PDU;
-- 
2.47.2