1 /*
2  * SNMP functions for CUPS.
3  *
4  * Copyright © 2007-2019 by Apple Inc.
5  * Copyright © 2006-2007 by Easy Software Products, all rights reserved.
6  *
7  * Licensed under Apache License v2.0.  See the file "LICENSE" for more
8  * information.
9  */
10 
11 /*
12  * Include necessary headers.
13  */
14 
15 #include "cups-private.h"
16 #include "snmp-private.h"
17 #include "debug-internal.h"
18 #ifdef HAVE_POLL
19 #  include <poll.h>
20 #endif /* HAVE_POLL */
21 
22 
23 /*
24  * Local functions...
25  */
26 
27 static void		asn1_debug(const char *prefix, unsigned char *buffer,
28 			           size_t len, int indent);
29 static int		asn1_decode_snmp(unsigned char *buffer, size_t len,
30 			                 cups_snmp_t *packet);
31 static int		asn1_encode_snmp(unsigned char *buffer, size_t len,
32 			                 cups_snmp_t *packet);
33 static int		asn1_get_integer(unsigned char **buffer,
34 			                 unsigned char *bufend,
35 			                 unsigned length);
36 static int		asn1_get_oid(unsigned char **buffer,
37 			             unsigned char *bufend,
38 				     unsigned length, int *oid, int oidsize);
39 static int		asn1_get_packed(unsigned char **buffer,
40 			                unsigned char *bufend);
41 static char		*asn1_get_string(unsigned char **buffer,
42 			                 unsigned char *bufend,
43 			                 unsigned length, char *string,
44 			                 size_t strsize);
45 static unsigned		asn1_get_length(unsigned char **buffer,
46 			                unsigned char *bufend);
47 static int		asn1_get_type(unsigned char **buffer,
48 			              unsigned char *bufend);
49 static void		asn1_set_integer(unsigned char **buffer,
50 			                 int integer);
51 static void		asn1_set_length(unsigned char **buffer,
52 			                unsigned length);
53 static void		asn1_set_oid(unsigned char **buffer,
54 			             const int *oid);
55 static void		asn1_set_packed(unsigned char **buffer,
56 			                int integer);
57 static unsigned		asn1_size_integer(int integer);
58 static unsigned		asn1_size_length(unsigned length);
59 static unsigned		asn1_size_oid(const int *oid);
60 static unsigned		asn1_size_packed(int integer);
61 static void		snmp_set_error(cups_snmp_t *packet,
62 			               const char *message);
63 
64 
65 /*
66  * '_cupsSNMPClose()' - Close a SNMP socket.
67  */
68 
69 void
_cupsSNMPClose(int fd)70 _cupsSNMPClose(int fd)			/* I - SNMP socket file descriptor */
71 {
72   DEBUG_printf(("4_cupsSNMPClose(fd=%d)", fd));
73 
74   httpAddrClose(NULL, fd);
75 }
76 
77 
78 /*
79  * '_cupsSNMPCopyOID()' - Copy an OID.
80  *
81  * The array pointed to by "src" is terminated by the value -1.
82  */
83 
84 int *					/* O - New OID */
_cupsSNMPCopyOID(int * dst,const int * src,int dstsize)85 _cupsSNMPCopyOID(int       *dst,	/* I - Destination OID */
86                  const int *src,	/* I - Source OID */
87 		 int       dstsize)	/* I - Number of integers in dst */
88 {
89   int	i;				/* Looping var */
90 
91 
92   DEBUG_printf(("4_cupsSNMPCopyOID(dst=%p, src=%p, dstsize=%d)", dst, src,
93                 dstsize));
94 
95   for (i = 0, dstsize --; src[i] >= 0 && i < dstsize; i ++)
96     dst[i] = src[i];
97 
98   dst[i] = -1;
99 
100   return (dst);
101 }
102 
103 
104 /*
105  * '_cupsSNMPDefaultCommunity()' - Get the default SNMP community name.
106  *
107  * The default community name is the first community name found in the
108  * snmp.conf file. If no community name is defined there, "public" is used.
109  */
110 
111 const char *				/* O - Default community name */
_cupsSNMPDefaultCommunity(void)112 _cupsSNMPDefaultCommunity(void)
113 {
114   cups_file_t	*fp;			/* snmp.conf file */
115   char		line[1024],		/* Line from file */
116 		*value;			/* Value from file */
117   int		linenum;		/* Line number in file */
118   _cups_globals_t *cg = _cupsGlobals();	/* Global data */
119 
120 
121   DEBUG_puts("4_cupsSNMPDefaultCommunity()");
122 
123   if (!cg->snmp_community[0])
124   {
125     strlcpy(cg->snmp_community, "public", sizeof(cg->snmp_community));
126 
127     snprintf(line, sizeof(line), "%s/snmp.conf", cg->cups_serverroot);
128     if ((fp = cupsFileOpen(line, "r")) != NULL)
129     {
130       linenum = 0;
131       while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
132 	if (!_cups_strcasecmp(line, "Community"))
133 	{
134 	  if (value)
135 	    strlcpy(cg->snmp_community, value, sizeof(cg->snmp_community));
136 	  else
137 	    cg->snmp_community[0] = '\0';
138 
139 	  break;
140 	}
141 
142       cupsFileClose(fp);
143     }
144   }
145 
146   DEBUG_printf(("5_cupsSNMPDefaultCommunity: Returning \"%s\"",
147                 cg->snmp_community));
148 
149   return (cg->snmp_community);
150 }
151 
152 
153 /*
154  * '_cupsSNMPIsOID()' - Test whether a SNMP response contains the specified OID.
155  *
156  * The array pointed to by "oid" is terminated by the value -1.
157  */
158 
159 int					/* O - 1 if equal, 0 if not equal */
_cupsSNMPIsOID(cups_snmp_t * packet,const int * oid)160 _cupsSNMPIsOID(cups_snmp_t *packet,	/* I - Response packet */
161                const int   *oid)	/* I - OID */
162 {
163   int	i;				/* Looping var */
164 
165 
166  /*
167   * Range check input...
168   */
169 
170   DEBUG_printf(("4_cupsSNMPIsOID(packet=%p, oid=%p)", packet, oid));
171 
172   if (!packet || !oid)
173   {
174     DEBUG_puts("5_cupsSNMPIsOID: Returning 0");
175 
176     return (0);
177   }
178 
179  /*
180   * Compare OIDs...
181   */
182 
183   for (i = 0;
184        i < CUPS_SNMP_MAX_OID && oid[i] >= 0 && packet->object_name[i] >= 0;
185        i ++)
186     if (oid[i] != packet->object_name[i])
187     {
188       DEBUG_puts("5_cupsSNMPIsOID: Returning 0");
189 
190       return (0);
191     }
192 
193   DEBUG_printf(("5_cupsSNMPIsOID: Returning %d",
194                 i < CUPS_SNMP_MAX_OID && oid[i] == packet->object_name[i]));
195 
196   return (i < CUPS_SNMP_MAX_OID && oid[i] == packet->object_name[i]);
197 }
198 
199 
200 /*
201  * '_cupsSNMPIsOIDPrefixed()' - Test whether a SNMP response uses the specified
202  *                              OID prefix.
203  *
204  * The array pointed to by "prefix" is terminated by the value -1.
205  */
206 
207 int					/* O - 1 if prefixed, 0 if not prefixed */
_cupsSNMPIsOIDPrefixed(cups_snmp_t * packet,const int * prefix)208 _cupsSNMPIsOIDPrefixed(
209     cups_snmp_t *packet,		/* I - Response packet */
210     const int   *prefix)		/* I - OID prefix */
211 {
212   int	i;				/* Looping var */
213 
214 
215  /*
216   * Range check input...
217   */
218 
219   DEBUG_printf(("4_cupsSNMPIsOIDPrefixed(packet=%p, prefix=%p)", packet,
220                 prefix));
221 
222   if (!packet || !prefix)
223   {
224     DEBUG_puts("5_cupsSNMPIsOIDPrefixed: Returning 0");
225 
226     return (0);
227   }
228 
229  /*
230   * Compare OIDs...
231   */
232 
233   for (i = 0;
234        i < CUPS_SNMP_MAX_OID && prefix[i] >= 0 && packet->object_name[i] >= 0;
235        i ++)
236     if (prefix[i] != packet->object_name[i])
237     {
238       DEBUG_puts("5_cupsSNMPIsOIDPrefixed: Returning 0");
239 
240       return (0);
241     }
242 
243   DEBUG_printf(("5_cupsSNMPIsOIDPrefixed: Returning %d",
244                 i < CUPS_SNMP_MAX_OID));
245 
246   return (i < CUPS_SNMP_MAX_OID);
247 }
248 
249 
250 /*
251  * '_cupsSNMPOIDToString()' - Convert an OID to a string.
252  */
253 
254 
255 char *					/* O - New string or @code NULL@ on error */
_cupsSNMPOIDToString(const int * src,char * dst,size_t dstsize)256 _cupsSNMPOIDToString(const int *src,	/* I - OID */
257                      char      *dst,	/* I - String buffer */
258                      size_t    dstsize)	/* I - Size of string buffer */
259 {
260   char	*dstptr,			/* Pointer into string buffer */
261 	*dstend;			/* End of string buffer */
262 
263 
264   DEBUG_printf(("4_cupsSNMPOIDToString(src=%p, dst=%p, dstsize=" CUPS_LLFMT ")",
265                 src, dst, CUPS_LLCAST dstsize));
266 
267  /*
268   * Range check input...
269   */
270 
271   if (!src || !dst || dstsize < 4)
272     return (NULL);
273 
274  /*
275   * Loop through the OID array and build a string...
276   */
277 
278   for (dstptr = dst, dstend = dstptr + dstsize - 1;
279        *src >= 0 && dstptr < dstend;
280        src ++, dstptr += strlen(dstptr))
281     snprintf(dstptr, (size_t)(dstend - dstptr + 1), ".%d", *src);
282 
283   if (*src >= 0)
284     return (NULL);
285   else
286     return (dst);
287 }
288 
289 
290 /*
291  * '_cupsSNMPOpen()' - Open a SNMP socket.
292  */
293 
294 int					/* O - SNMP socket file descriptor */
_cupsSNMPOpen(int family)295 _cupsSNMPOpen(int family)		/* I - Address family - @code AF_INET@ or @code AF_INET6@ */
296 {
297   int		fd;			/* SNMP socket file descriptor */
298   int		val;			/* Socket option value */
299 
300 
301  /*
302   * Create the SNMP socket...
303   */
304 
305   DEBUG_printf(("4_cupsSNMPOpen(family=%d)", family));
306 
307   if ((fd = socket(family, SOCK_DGRAM, 0)) < 0)
308   {
309     DEBUG_printf(("5_cupsSNMPOpen: Returning -1 (%s)", strerror(errno)));
310 
311     return (-1);
312   }
313 
314  /*
315   * Set the "broadcast" flag...
316   */
317 
318   val = 1;
319 
320   if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, CUPS_SOCAST &val, sizeof(val)))
321   {
322     DEBUG_printf(("5_cupsSNMPOpen: Returning -1 (%s)", strerror(errno)));
323 
324     close(fd);
325 
326     return (-1);
327   }
328 
329   DEBUG_printf(("5_cupsSNMPOpen: Returning %d", fd));
330 
331   return (fd);
332 }
333 
334 
335 /*
336  * '_cupsSNMPRead()' - Read and parse a SNMP response.
337  *
338  * If "timeout" is negative, @code _cupsSNMPRead@ will wait for a response
339  * indefinitely.
340  */
341 
342 cups_snmp_t *				/* O - SNMP packet or @code NULL@ if none */
_cupsSNMPRead(int fd,cups_snmp_t * packet,double timeout)343 _cupsSNMPRead(int         fd,		/* I - SNMP socket file descriptor */
344               cups_snmp_t *packet,	/* I - SNMP packet buffer */
345 	      double      timeout)	/* I - Timeout in seconds */
346 {
347   unsigned char	buffer[CUPS_SNMP_MAX_PACKET];
348 					/* Data packet */
349   ssize_t	bytes;			/* Number of bytes received */
350   socklen_t	addrlen;		/* Source address length */
351   http_addr_t	address;		/* Source address */
352 
353 
354  /*
355   * Range check input...
356   */
357 
358   DEBUG_printf(("4_cupsSNMPRead(fd=%d, packet=%p, timeout=%.1f)", fd, packet,
359                 timeout));
360 
361   if (fd < 0 || !packet)
362   {
363     DEBUG_puts("5_cupsSNMPRead: Returning NULL");
364 
365     return (NULL);
366   }
367 
368  /*
369   * Optionally wait for a response...
370   */
371 
372   if (timeout >= 0.0)
373   {
374     int			ready;		/* Data ready on socket? */
375 #ifdef HAVE_POLL
376     struct pollfd	pfd;		/* Polled file descriptor */
377 
378     pfd.fd     = fd;
379     pfd.events = POLLIN;
380 
381     while ((ready = poll(&pfd, 1, (int)(timeout * 1000.0))) < 0 &&
382            (errno == EINTR || errno == EAGAIN));
383 
384 #else
385     fd_set		input_set;	/* select() input set */
386     struct timeval	stimeout;	/* select() timeout */
387 
388     do
389     {
390       FD_ZERO(&input_set);
391       FD_SET(fd, &input_set);
392 
393       stimeout.tv_sec  = (int)timeout;
394       stimeout.tv_usec = (int)((timeout - stimeout.tv_sec) * 1000000);
395 
396       ready = select(fd + 1, &input_set, NULL, NULL, &stimeout);
397     }
398 #  ifdef _WIN32
399     while (ready < 0 && WSAGetLastError() == WSAEINTR);
400 #  else
401     while (ready < 0 && (errno == EINTR || errno == EAGAIN));
402 #  endif /* _WIN32 */
403 #endif /* HAVE_POLL */
404 
405    /*
406     * If we don't have any data ready, return right away...
407     */
408 
409     if (ready <= 0)
410     {
411       DEBUG_puts("5_cupsSNMPRead: Returning NULL (timeout)");
412 
413       return (NULL);
414     }
415   }
416 
417  /*
418   * Read the response data...
419   */
420 
421   addrlen = sizeof(address);
422 
423   if ((bytes = recvfrom(fd, buffer, sizeof(buffer), 0, (void *)&address,
424                         &addrlen)) < 0)
425   {
426     DEBUG_printf(("5_cupsSNMPRead: Returning NULL (%s)", strerror(errno)));
427 
428     return (NULL);
429   }
430 
431  /*
432   * Look for the response status code in the SNMP message header...
433   */
434 
435   asn1_debug("DEBUG: IN ", buffer, (size_t)bytes, 0);
436 
437   asn1_decode_snmp(buffer, (size_t)bytes, packet);
438 
439   memcpy(&(packet->address), &address, sizeof(packet->address));
440 
441  /*
442   * Return decoded data packet...
443   */
444 
445   DEBUG_puts("5_cupsSNMPRead: Returning packet");
446 
447   return (packet);
448 }
449 
450 
451 /*
452  * '_cupsSNMPSetDebug()' - Enable/disable debug logging to stderr.
453  */
454 
455 void
_cupsSNMPSetDebug(int level)456 _cupsSNMPSetDebug(int level)		/* I - 1 to enable debug output, 0 otherwise */
457 {
458   _cups_globals_t *cg = _cupsGlobals();	/* Global data */
459 
460 
461   DEBUG_printf(("4_cupsSNMPSetDebug(level=%d)", level));
462 
463   cg->snmp_debug = level;
464 }
465 
466 
467 /*
468  * '_cupsSNMPStringToOID()' - Convert a numeric OID string to an OID array.
469  *
470  * This function converts a string of the form ".N.N.N.N.N" to the
471  * corresponding OID array terminated by -1.
472  *
473  * @code NULL@ is returned if the array is not large enough or the string is
474  * not a valid OID number.
475  */
476 
477 int *					/* O - Pointer to OID array or @code NULL@ on error */
_cupsSNMPStringToOID(const char * src,int * dst,int dstsize)478 _cupsSNMPStringToOID(const char *src,	/* I - OID string */
479                      int        *dst,	/* I - OID array */
480 		     int        dstsize)/* I - Number of integers in OID array */
481 {
482   int	*dstptr,			/* Pointer into OID array */
483 	*dstend;			/* End of OID array */
484 
485 
486   DEBUG_printf(("4_cupsSNMPStringToOID(src=\"%s\", dst=%p, dstsize=%d)",
487                 src, dst, dstsize));
488 
489  /*
490   * Range check input...
491   */
492 
493   if (!src || !dst || dstsize < 2)
494     return (NULL);
495 
496  /*
497   * Skip leading "."...
498   */
499 
500   if (*src == '.')
501     src ++;
502 
503  /*
504   * Loop to the end of the string...
505   */
506 
507   for (dstend = dst + dstsize - 1, dstptr = dst, *dstptr = 0;
508        *src && dstptr < dstend;
509        src ++)
510   {
511     if (*src == '.')
512     {
513       dstptr ++;
514       *dstptr = 0;
515     }
516     else if (isdigit(*src & 255))
517       *dstptr = *dstptr * 10 + *src - '0';
518     else
519       break;
520   }
521 
522   if (*src)
523     return (NULL);
524 
525  /*
526   * Terminate the end of the OID array and return...
527   */
528 
529   dstptr[1] = -1;
530 
531   return (dst);
532 }
533 
534 
535 /*
536  * '_cupsSNMPWalk()' - Enumerate a group of OIDs.
537  *
538  * This function queries all of the OIDs with the specified OID prefix,
539  * calling the "cb" function for every response that is received.
540  *
541  * The array pointed to by "prefix" is terminated by the value -1.
542  *
543  * If "timeout" is negative, @code _cupsSNMPWalk@ will wait for a response
544  * indefinitely.
545  */
546 
547 int					/* O - Number of OIDs found or -1 on error */
_cupsSNMPWalk(int fd,http_addr_t * address,int version,const char * community,const int * prefix,double timeout,cups_snmp_cb_t cb,void * data)548 _cupsSNMPWalk(int            fd,	/* I - SNMP socket */
549               http_addr_t    *address,	/* I - Address to query */
550 	      int            version,	/* I - SNMP version */
551 	      const char     *community,/* I - Community name */
552               const int      *prefix,	/* I - OID prefix */
553 	      double         timeout,	/* I - Timeout for each response in seconds */
554 	      cups_snmp_cb_t cb,	/* I - Function to call for each response */
555 	      void           *data)	/* I - User data pointer that is passed to the callback function */
556 {
557   int		count = 0;		/* Number of OIDs found */
558   unsigned	request_id = 0;		/* Current request ID */
559   cups_snmp_t	packet;			/* Current response packet */
560   int		lastoid[CUPS_SNMP_MAX_OID];
561 					/* Last OID we got */
562 
563 
564  /*
565   * Range check input...
566   */
567 
568   DEBUG_printf(("4_cupsSNMPWalk(fd=%d, address=%p, version=%d, "
569                 "community=\"%s\", prefix=%p, timeout=%.1f, cb=%p, data=%p)",
570 		fd, address, version, community, prefix, timeout, cb, data));
571 
572   if (fd < 0 || !address || version != CUPS_SNMP_VERSION_1 || !community ||
573       !prefix || !cb)
574   {
575     DEBUG_puts("5_cupsSNMPWalk: Returning -1");
576 
577     return (-1);
578   }
579 
580  /*
581   * Copy the OID prefix and then loop until we have no more OIDs...
582   */
583 
584   _cupsSNMPCopyOID(packet.object_name, prefix, CUPS_SNMP_MAX_OID);
585   lastoid[0] = -1;
586 
587   for (;;)
588   {
589     request_id ++;
590 
591     if (!_cupsSNMPWrite(fd, address, version, community,
592                         CUPS_ASN1_GET_NEXT_REQUEST, request_id,
593 		        packet.object_name))
594     {
595       DEBUG_puts("5_cupsSNMPWalk: Returning -1");
596 
597       return (-1);
598     }
599 
600     if (!_cupsSNMPRead(fd, &packet, timeout))
601     {
602       DEBUG_puts("5_cupsSNMPWalk: Returning -1");
603 
604       return (-1);
605     }
606 
607     if (!_cupsSNMPIsOIDPrefixed(&packet, prefix) ||
608         _cupsSNMPIsOID(&packet, lastoid))
609     {
610       DEBUG_printf(("5_cupsSNMPWalk: Returning %d", count));
611 
612       return (count);
613     }
614 
615     if (packet.error || packet.error_status)
616     {
617       DEBUG_printf(("5_cupsSNMPWalk: Returning %d", count > 0 ? count : -1));
618 
619       return (count > 0 ? count : -1);
620     }
621 
622     _cupsSNMPCopyOID(lastoid, packet.object_name, CUPS_SNMP_MAX_OID);
623 
624     count ++;
625 
626     (*cb)(&packet, data);
627   }
628 }
629 
630 
631 /*
632  * '_cupsSNMPWrite()' - Send an SNMP query packet.
633  *
634  * The array pointed to by "oid" is terminated by the value -1.
635  */
636 
637 int					/* O - 1 on success, 0 on error */
_cupsSNMPWrite(int fd,http_addr_t * address,int version,const char * community,cups_asn1_t request_type,const unsigned request_id,const int * oid)638 _cupsSNMPWrite(
639     int            fd,			/* I - SNMP socket */
640     http_addr_t    *address,		/* I - Address to send to */
641     int            version,		/* I - SNMP version */
642     const char     *community,		/* I - Community name */
643     cups_asn1_t    request_type,	/* I - Request type */
644     const unsigned request_id,		/* I - Request ID */
645     const int      *oid)		/* I - OID */
646 {
647   int		i;			/* Looping var */
648   cups_snmp_t	packet;			/* SNMP message packet */
649   unsigned char	buffer[CUPS_SNMP_MAX_PACKET];
650 					/* SNMP message buffer */
651   ssize_t	bytes;			/* Size of message */
652   http_addr_t	temp;			/* Copy of address */
653 
654 
655  /*
656   * Range check input...
657   */
658 
659   DEBUG_printf(("4_cupsSNMPWrite(fd=%d, address=%p, version=%d, "
660                 "community=\"%s\", request_type=%d, request_id=%u, oid=%p)",
661 		fd, address, version, community, request_type, request_id, oid));
662 
663   if (fd < 0 || !address || version != CUPS_SNMP_VERSION_1 || !community ||
664       (request_type != CUPS_ASN1_GET_REQUEST &&
665        request_type != CUPS_ASN1_GET_NEXT_REQUEST) || request_id < 1 || !oid)
666   {
667     DEBUG_puts("5_cupsSNMPWrite: Returning 0 (bad arguments)");
668 
669     return (0);
670   }
671 
672  /*
673   * Create the SNMP message...
674   */
675 
676   memset(&packet, 0, sizeof(packet));
677 
678   packet.version      = version;
679   packet.request_type = request_type;
680   packet.request_id   = request_id;
681   packet.object_type  = CUPS_ASN1_NULL_VALUE;
682 
683   strlcpy(packet.community, community, sizeof(packet.community));
684 
685   for (i = 0; oid[i] >= 0 && i < (CUPS_SNMP_MAX_OID - 1); i ++)
686     packet.object_name[i] = oid[i];
687   packet.object_name[i] = -1;
688 
689   if (oid[i] >= 0)
690   {
691     DEBUG_puts("5_cupsSNMPWrite: Returning 0 (OID too big)");
692 
693     errno = E2BIG;
694     return (0);
695   }
696 
697   bytes = asn1_encode_snmp(buffer, sizeof(buffer), &packet);
698 
699   if (bytes < 0)
700   {
701     DEBUG_puts("5_cupsSNMPWrite: Returning 0 (request too big)");
702 
703     errno = E2BIG;
704     return (0);
705   }
706 
707   asn1_debug("DEBUG: OUT ", buffer, (size_t)bytes, 0);
708 
709  /*
710   * Send the message...
711   */
712 
713   temp = *address;
714 
715   _httpAddrSetPort(&temp, CUPS_SNMP_PORT);
716 
717   return (sendto(fd, buffer, (size_t)bytes, 0, (void *)&temp, (socklen_t)httpAddrLength(&temp)) == bytes);
718 }
719 
720 
721 /*
722  * 'asn1_debug()' - Decode an ASN1-encoded message.
723  */
724 
725 static void
asn1_debug(const char * prefix,unsigned char * buffer,size_t len,int indent)726 asn1_debug(const char    *prefix,	/* I - Prefix string */
727            unsigned char *buffer,	/* I - Buffer */
728            size_t        len,		/* I - Length of buffer */
729            int           indent)	/* I - Indentation */
730 {
731   size_t	i;			/* Looping var */
732   unsigned char	*bufend;		/* End of buffer */
733   int		integer;		/* Number value */
734   int		oid[CUPS_SNMP_MAX_OID];	/* OID value */
735   char		string[CUPS_SNMP_MAX_STRING];
736 					/* String value */
737   unsigned char	value_type;		/* Type of value */
738   unsigned	value_length;		/* Length of value */
739   _cups_globals_t *cg = _cupsGlobals();	/* Global data */
740 
741 
742 #ifdef __clang_analyzer__ /* Suppress bogus clang error */
743   memset(string, 0, sizeof(string));
744 #endif /* __clang_analyzer__ */
745 
746   if (cg->snmp_debug <= 0)
747     return;
748 
749   if (cg->snmp_debug > 1 && indent == 0)
750   {
751    /*
752     * Do a hex dump of the packet...
753     */
754 
755     size_t j;
756 
757     fprintf(stderr, "%sHex Dump (%d bytes):\n", prefix, (int)len);
758 
759     for (i = 0; i < len; i += 16)
760     {
761       fprintf(stderr, "%s%04x:", prefix, (unsigned)i);
762 
763       for (j = 0; j < 16 && (i + j) < len; j ++)
764       {
765         if (j && !(j & 3))
766 	  fprintf(stderr, "  %02x", buffer[i + j]);
767         else
768 	  fprintf(stderr, " %02x", buffer[i + j]);
769       }
770 
771       while (j < 16)
772       {
773         if (j && !(j & 3))
774 	  fputs("    ", stderr);
775 	else
776 	  fputs("   ", stderr);
777 
778         j ++;
779       }
780 
781       fputs("    ", stderr);
782 
783       for (j = 0; j < 16 && (i + j) < len; j ++)
784         if (buffer[i + j] < ' ' || buffer[i + j] >= 0x7f)
785 	  putc('.', stderr);
786 	else
787 	  putc(buffer[i + j], stderr);
788 
789       putc('\n', stderr);
790     }
791   }
792 
793   if (indent == 0)
794     fprintf(stderr, "%sMessage:\n", prefix);
795 
796   bufend = buffer + len;
797 
798   while (buffer < bufend)
799   {
800    /*
801     * Get value type...
802     */
803 
804     value_type   = (unsigned char)asn1_get_type(&buffer, bufend);
805     value_length = asn1_get_length(&buffer, bufend);
806 
807     switch (value_type)
808     {
809       case CUPS_ASN1_BOOLEAN :
810           integer = asn1_get_integer(&buffer, bufend, value_length);
811 
812           fprintf(stderr, "%s%*sBOOLEAN %d bytes %d\n", prefix, indent, "",
813 	          value_length, integer);
814           break;
815 
816       case CUPS_ASN1_INTEGER :
817           integer = asn1_get_integer(&buffer, bufend, value_length);
818 
819           fprintf(stderr, "%s%*sINTEGER %d bytes %d\n", prefix, indent, "",
820 	          value_length, integer);
821           break;
822 
823       case CUPS_ASN1_COUNTER :
824           integer = asn1_get_integer(&buffer, bufend, value_length);
825 
826           fprintf(stderr, "%s%*sCOUNTER %d bytes %u\n", prefix, indent, "",
827 	          value_length, (unsigned)integer);
828           break;
829 
830       case CUPS_ASN1_GAUGE :
831           integer = asn1_get_integer(&buffer, bufend, value_length);
832 
833           fprintf(stderr, "%s%*sGAUGE %d bytes %u\n", prefix, indent, "",
834 	          value_length, (unsigned)integer);
835           break;
836 
837       case CUPS_ASN1_TIMETICKS :
838           integer = asn1_get_integer(&buffer, bufend, value_length);
839 
840           fprintf(stderr, "%s%*sTIMETICKS %d bytes %u\n", prefix, indent, "",
841 	          value_length, (unsigned)integer);
842           break;
843 
844       case CUPS_ASN1_OCTET_STRING :
845           fprintf(stderr, "%s%*sOCTET STRING %d bytes \"%s\"\n", prefix,
846 	          indent, "", value_length,
847 		  asn1_get_string(&buffer, bufend, value_length, string,
848 				  sizeof(string)));
849           break;
850 
851       case CUPS_ASN1_HEX_STRING :
852 	  asn1_get_string(&buffer, bufend, value_length, string,
853 			  sizeof(string));
854           fprintf(stderr, "%s%*sHex-STRING %d bytes", prefix,
855 	          indent, "", value_length);
856           for (i = 0; i < value_length; i ++)
857 	    fprintf(stderr, " %02X", string[i] & 255);
858 	  putc('\n', stderr);
859           break;
860 
861       case CUPS_ASN1_NULL_VALUE :
862           fprintf(stderr, "%s%*sNULL VALUE %d bytes\n", prefix, indent, "",
863 	          value_length);
864 
865 	  buffer += value_length;
866           break;
867 
868       case CUPS_ASN1_OID :
869           integer = asn1_get_oid(&buffer, bufend, value_length, oid,
870 	                         CUPS_SNMP_MAX_OID);
871 
872           fprintf(stderr, "%s%*sOID %d bytes ", prefix, indent, "",
873 	          value_length);
874 	  for (i = 0; i < (unsigned)integer; i ++)
875 	    fprintf(stderr, ".%d", oid[i]);
876 	  putc('\n', stderr);
877           break;
878 
879       case CUPS_ASN1_SEQUENCE :
880           fprintf(stderr, "%s%*sSEQUENCE %d bytes\n", prefix, indent, "",
881 	          value_length);
882           asn1_debug(prefix, buffer, value_length, indent + 4);
883 
884 	  buffer += value_length;
885           break;
886 
887       case CUPS_ASN1_GET_NEXT_REQUEST :
888           fprintf(stderr, "%s%*sGet-Next-Request-PDU %d bytes\n", prefix,
889 	          indent, "", value_length);
890           asn1_debug(prefix, buffer, value_length, indent + 4);
891 
892 	  buffer += value_length;
893           break;
894 
895       case CUPS_ASN1_GET_REQUEST :
896           fprintf(stderr, "%s%*sGet-Request-PDU %d bytes\n", prefix, indent, "",
897 	          value_length);
898           asn1_debug(prefix, buffer, value_length, indent + 4);
899 
900 	  buffer += value_length;
901           break;
902 
903       case CUPS_ASN1_GET_RESPONSE :
904           fprintf(stderr, "%s%*sGet-Response-PDU %d bytes\n", prefix, indent,
905 	          "", value_length);
906           asn1_debug(prefix, buffer, value_length, indent + 4);
907 
908 	  buffer += value_length;
909           break;
910 
911       default :
912           fprintf(stderr, "%s%*sUNKNOWN(%x) %d bytes\n", prefix, indent, "",
913 	          value_type, value_length);
914 
915 	  buffer += value_length;
916           break;
917     }
918   }
919 }
920 
921 
922 /*
923  * 'asn1_decode_snmp()' - Decode a SNMP packet.
924  */
925 
926 static int				/* O - 0 on success, -1 on error */
asn1_decode_snmp(unsigned char * buffer,size_t len,cups_snmp_t * packet)927 asn1_decode_snmp(unsigned char *buffer,	/* I - Buffer */
928                  size_t        len,	/* I - Size of buffer */
929                  cups_snmp_t   *packet)	/* I - SNMP packet */
930 {
931   unsigned char	*bufptr,		/* Pointer into the data */
932 		*bufend;		/* End of data */
933   unsigned	length;			/* Length of value */
934 
935 
936  /*
937   * Initialize the decoding...
938   */
939 
940   memset(packet, 0, sizeof(cups_snmp_t));
941   packet->object_name[0] = -1;
942 
943   bufptr = buffer;
944   bufend = buffer + len;
945 
946   if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_SEQUENCE)
947     snmp_set_error(packet, _("Packet does not start with SEQUENCE"));
948   else if (asn1_get_length(&bufptr, bufend) == 0)
949     snmp_set_error(packet, _("SEQUENCE uses indefinite length"));
950   else if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_INTEGER)
951     snmp_set_error(packet, _("No version number"));
952   else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
953     snmp_set_error(packet, _("Version uses indefinite length"));
954   else if ((packet->version = asn1_get_integer(&bufptr, bufend, length))
955                != CUPS_SNMP_VERSION_1)
956     snmp_set_error(packet, _("Bad SNMP version number"));
957   else if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_OCTET_STRING)
958     snmp_set_error(packet, _("No community name"));
959   else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
960     snmp_set_error(packet, _("Community name uses indefinite length"));
961   else
962   {
963     asn1_get_string(&bufptr, bufend, length, packet->community,
964                     sizeof(packet->community));
965 
966     if ((packet->request_type = (cups_asn1_t)asn1_get_type(&bufptr, bufend))
967             != CUPS_ASN1_GET_RESPONSE)
968       snmp_set_error(packet, _("Packet does not contain a Get-Response-PDU"));
969     else if (asn1_get_length(&bufptr, bufend) == 0)
970       snmp_set_error(packet, _("Get-Response-PDU uses indefinite length"));
971     else if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_INTEGER)
972       snmp_set_error(packet, _("No request-id"));
973     else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
974       snmp_set_error(packet, _("request-id uses indefinite length"));
975     else
976     {
977       packet->request_id = (unsigned)asn1_get_integer(&bufptr, bufend, length);
978 
979       if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_INTEGER)
980 	snmp_set_error(packet, _("No error-status"));
981       else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
982 	snmp_set_error(packet, _("error-status uses indefinite length"));
983       else
984       {
985 	packet->error_status = asn1_get_integer(&bufptr, bufend, length);
986 
987 	if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_INTEGER)
988 	  snmp_set_error(packet, _("No error-index"));
989 	else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
990 	  snmp_set_error(packet, _("error-index uses indefinite length"));
991 	else
992 	{
993 	  packet->error_index = asn1_get_integer(&bufptr, bufend, length);
994 
995           if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_SEQUENCE)
996 	    snmp_set_error(packet, _("No variable-bindings SEQUENCE"));
997 	  else if (asn1_get_length(&bufptr, bufend) == 0)
998 	    snmp_set_error(packet,
999 	                   _("variable-bindings uses indefinite length"));
1000 	  else if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_SEQUENCE)
1001 	    snmp_set_error(packet, _("No VarBind SEQUENCE"));
1002 	  else if (asn1_get_length(&bufptr, bufend) == 0)
1003 	    snmp_set_error(packet, _("VarBind uses indefinite length"));
1004 	  else if (asn1_get_type(&bufptr, bufend) != CUPS_ASN1_OID)
1005 	    snmp_set_error(packet, _("No name OID"));
1006 	  else if ((length = asn1_get_length(&bufptr, bufend)) == 0)
1007 	    snmp_set_error(packet, _("Name OID uses indefinite length"));
1008           else
1009 	  {
1010 	    asn1_get_oid(&bufptr, bufend, length, packet->object_name,
1011 	                 CUPS_SNMP_MAX_OID);
1012 
1013             packet->object_type = (cups_asn1_t)asn1_get_type(&bufptr, bufend);
1014 
1015 	    if ((length = asn1_get_length(&bufptr, bufend)) == 0 &&
1016 	        packet->object_type != CUPS_ASN1_NULL_VALUE &&
1017 	        packet->object_type != CUPS_ASN1_OCTET_STRING)
1018 	      snmp_set_error(packet, _("Value uses indefinite length"));
1019 	    else
1020 	    {
1021 	      switch (packet->object_type)
1022 	      {
1023 	        case CUPS_ASN1_BOOLEAN :
1024 		    packet->object_value.boolean =
1025 		        asn1_get_integer(&bufptr, bufend, length);
1026 	            break;
1027 
1028 	        case CUPS_ASN1_INTEGER :
1029 		    packet->object_value.integer =
1030 		        asn1_get_integer(&bufptr, bufend, length);
1031 	            break;
1032 
1033 		case CUPS_ASN1_NULL_VALUE :
1034 		    break;
1035 
1036 	        case CUPS_ASN1_OCTET_STRING :
1037 	        case CUPS_ASN1_BIT_STRING :
1038 	        case CUPS_ASN1_HEX_STRING :
1039 		    packet->object_value.string.num_bytes = length;
1040 		    asn1_get_string(&bufptr, bufend, length,
1041 		                    (char *)packet->object_value.string.bytes,
1042 				    sizeof(packet->object_value.string.bytes));
1043 	            break;
1044 
1045 	        case CUPS_ASN1_OID :
1046 		    asn1_get_oid(&bufptr, bufend, length,
1047 		                 packet->object_value.oid, CUPS_SNMP_MAX_OID);
1048 	            break;
1049 
1050 	        case CUPS_ASN1_COUNTER :
1051 		    packet->object_value.counter =
1052 		        asn1_get_integer(&bufptr, bufend, length);
1053 	            break;
1054 
1055 	        case CUPS_ASN1_GAUGE :
1056 		    packet->object_value.gauge =
1057 		        (unsigned)asn1_get_integer(&bufptr, bufend, length);
1058 	            break;
1059 
1060 	        case CUPS_ASN1_TIMETICKS :
1061 		    packet->object_value.timeticks =
1062 		        (unsigned)asn1_get_integer(&bufptr, bufend, length);
1063 	            break;
1064 
1065                 default :
1066 		    snmp_set_error(packet, _("Unsupported value type"));
1067 		    break;
1068 	      }
1069 	    }
1070           }
1071 	}
1072       }
1073     }
1074   }
1075 
1076   return (packet->error ? -1 : 0);
1077 }
1078 
1079 
1080 /*
1081  * 'asn1_encode_snmp()' - Encode a SNMP packet.
1082  */
1083 
1084 static int				/* O - Length on success, -1 on error */
asn1_encode_snmp(unsigned char * buffer,size_t bufsize,cups_snmp_t * packet)1085 asn1_encode_snmp(unsigned char *buffer,	/* I - Buffer */
1086                  size_t        bufsize,	/* I - Size of buffer */
1087                  cups_snmp_t   *packet)	/* I - SNMP packet */
1088 {
1089   unsigned char	*bufptr;		/* Pointer into buffer */
1090   unsigned	total,			/* Total length */
1091 		msglen,			/* Length of entire message */
1092 		commlen,		/* Length of community string */
1093 		reqlen,			/* Length of request */
1094 		listlen,		/* Length of variable list */
1095 		varlen,			/* Length of variable */
1096 		namelen,		/* Length of object name OID */
1097 		valuelen;		/* Length of object value */
1098 
1099 
1100  /*
1101   * Get the lengths of the community string, OID, and message...
1102   */
1103 
1104 
1105   namelen = asn1_size_oid(packet->object_name);
1106 
1107   switch (packet->object_type)
1108   {
1109     case CUPS_ASN1_NULL_VALUE :
1110         valuelen = 0;
1111 	break;
1112 
1113     case CUPS_ASN1_BOOLEAN :
1114         valuelen = asn1_size_integer(packet->object_value.boolean);
1115 	break;
1116 
1117     case CUPS_ASN1_INTEGER :
1118         valuelen = asn1_size_integer(packet->object_value.integer);
1119 	break;
1120 
1121     case CUPS_ASN1_OCTET_STRING :
1122         valuelen = packet->object_value.string.num_bytes;
1123 	break;
1124 
1125     case CUPS_ASN1_OID :
1126         valuelen = asn1_size_oid(packet->object_value.oid);
1127 	break;
1128 
1129     default :
1130         packet->error = "Unknown object type";
1131         return (-1);
1132   }
1133 
1134   varlen  = 1 + asn1_size_length(namelen) + namelen +
1135             1 + asn1_size_length(valuelen) + valuelen;
1136   listlen = 1 + asn1_size_length(varlen) + varlen;
1137   reqlen  = 2 + asn1_size_integer((int)packet->request_id) +
1138             2 + asn1_size_integer(packet->error_status) +
1139             2 + asn1_size_integer(packet->error_index) +
1140             1 + asn1_size_length(listlen) + listlen;
1141   commlen = (unsigned)strlen(packet->community);
1142   msglen  = 2 + asn1_size_integer(packet->version) +
1143             1 + asn1_size_length(commlen) + commlen +
1144 	    1 + asn1_size_length(reqlen) + reqlen;
1145   total   = 1 + asn1_size_length(msglen) + msglen;
1146 
1147   if (total > bufsize)
1148   {
1149     packet->error = "Message too large for buffer";
1150     return (-1);
1151   }
1152 
1153  /*
1154   * Then format the message...
1155   */
1156 
1157   bufptr = buffer;
1158 
1159   *bufptr++ = CUPS_ASN1_SEQUENCE;	/* SNMPv1 message header */
1160   asn1_set_length(&bufptr, msglen);
1161 
1162   asn1_set_integer(&bufptr, packet->version);
1163 					/* version */
1164 
1165   *bufptr++ = CUPS_ASN1_OCTET_STRING;	/* community */
1166   asn1_set_length(&bufptr, commlen);
1167   memcpy(bufptr, packet->community, commlen);
1168   bufptr += commlen;
1169 
1170   *bufptr++ = (unsigned char)packet->request_type;	/* Get-Request-PDU/Get-Next-Request-PDU */
1171   asn1_set_length(&bufptr, reqlen);
1172 
1173   asn1_set_integer(&bufptr, (int)packet->request_id);
1174 
1175   asn1_set_integer(&bufptr, packet->error_status);
1176 
1177   asn1_set_integer(&bufptr, packet->error_index);
1178 
1179   *bufptr++ = CUPS_ASN1_SEQUENCE;	/* variable-bindings */
1180   asn1_set_length(&bufptr, listlen);
1181 
1182   *bufptr++ = CUPS_ASN1_SEQUENCE;	/* variable */
1183   asn1_set_length(&bufptr, varlen);
1184 
1185   asn1_set_oid(&bufptr, packet->object_name);
1186 					/* ObjectName */
1187 
1188   switch (packet->object_type)
1189   {
1190     case CUPS_ASN1_NULL_VALUE :
1191 	*bufptr++ = CUPS_ASN1_NULL_VALUE;
1192 					/* ObjectValue */
1193 	*bufptr++ = 0;			/* Length */
1194         break;
1195 
1196     case CUPS_ASN1_BOOLEAN :
1197         asn1_set_integer(&bufptr, packet->object_value.boolean);
1198 	break;
1199 
1200     case CUPS_ASN1_INTEGER :
1201         asn1_set_integer(&bufptr, packet->object_value.integer);
1202 	break;
1203 
1204     case CUPS_ASN1_OCTET_STRING :
1205         *bufptr++ = CUPS_ASN1_OCTET_STRING;
1206 	asn1_set_length(&bufptr, valuelen);
1207 	memcpy(bufptr, packet->object_value.string.bytes, valuelen);
1208 	bufptr += valuelen;
1209 	break;
1210 
1211     case CUPS_ASN1_OID :
1212         asn1_set_oid(&bufptr, packet->object_value.oid);
1213 	break;
1214 
1215     default :
1216         break;
1217   }
1218 
1219   return ((int)(bufptr - buffer));
1220 }
1221 
1222 
1223 /*
1224  * 'asn1_get_integer()' - Get an integer value.
1225  */
1226 
1227 static int				/* O  - Integer value */
asn1_get_integer(unsigned char ** buffer,unsigned char * bufend,unsigned length)1228 asn1_get_integer(
1229     unsigned char **buffer,		/* IO - Pointer in buffer */
1230     unsigned char *bufend,		/* I  - End of buffer */
1231     unsigned      length)		/* I  - Length of value */
1232 {
1233   int	value;				/* Integer value */
1234 
1235 
1236   if (*buffer >= bufend)
1237     return (0);
1238 
1239   if (length > sizeof(int))
1240   {
1241     (*buffer) += length;
1242     return (0);
1243   }
1244 
1245   for (value = (**buffer & 0x80) ? ~0 : 0;
1246        length > 0 && *buffer < bufend;
1247        length --, (*buffer) ++)
1248     value = ((value & 0xffffff) << 8) | **buffer;
1249 
1250   return (value);
1251 }
1252 
1253 
1254 /*
1255  * 'asn1_get_length()' - Get a value length.
1256  */
1257 
1258 static unsigned				/* O  - Length */
asn1_get_length(unsigned char ** buffer,unsigned char * bufend)1259 asn1_get_length(unsigned char **buffer,	/* IO - Pointer in buffer */
1260 		unsigned char *bufend)	/* I  - End of buffer */
1261 {
1262   unsigned	length;			/* Length */
1263 
1264 
1265   if (*buffer >= bufend)
1266     return (0);
1267 
1268   length = **buffer;
1269   (*buffer) ++;
1270 
1271   if (length & 128)
1272   {
1273     int	count;				/* Number of bytes for length */
1274 
1275 
1276     if ((count = length & 127) > sizeof(unsigned))
1277     {
1278       (*buffer) += count;
1279       return (0);
1280     }
1281 
1282     for (length = 0;
1283 	 count > 0 && *buffer < bufend;
1284 	 count --, (*buffer) ++)
1285       length = (length << 8) | **buffer;
1286   }
1287 
1288   return (length);
1289 }
1290 
1291 
1292 /*
1293  * 'asn1_get_oid()' - Get an OID value.
1294  */
1295 
1296 static int				/* O  - Number of OIDs */
asn1_get_oid(unsigned char ** buffer,unsigned char * bufend,unsigned length,int * oid,int oidsize)1297 asn1_get_oid(
1298     unsigned char **buffer,		/* IO - Pointer in buffer */
1299     unsigned char *bufend,		/* I  - End of buffer */
1300     unsigned      length,		/* I  - Length of value */
1301     int           *oid,			/* I  - OID buffer */
1302     int           oidsize)		/* I  - Size of OID buffer */
1303 {
1304   unsigned char	*valend;		/* End of value */
1305   int		*oidptr,		/* Current OID */
1306 		*oidend;		/* End of OID buffer */
1307   int		number;			/* OID number */
1308 
1309 
1310   if (*buffer >= bufend)
1311     return (0);
1312 
1313   valend = *buffer + length;
1314   oidptr = oid;
1315   oidend = oid + oidsize - 1;
1316 
1317   if (valend > bufend)
1318     valend = bufend;
1319 
1320   number = asn1_get_packed(buffer, bufend);
1321 
1322   if (number < 80)
1323   {
1324     *oidptr++ = number / 40;
1325     number    = number % 40;
1326     *oidptr++ = number;
1327   }
1328   else
1329   {
1330     *oidptr++ = 2;
1331     number    -= 80;
1332     *oidptr++ = number;
1333   }
1334 
1335   while (*buffer < valend)
1336   {
1337     number = asn1_get_packed(buffer, bufend);
1338 
1339     if (oidptr < oidend)
1340       *oidptr++ = number;
1341   }
1342 
1343   *oidptr = -1;
1344 
1345   return ((int)(oidptr - oid));
1346 }
1347 
1348 
1349 /*
1350  * 'asn1_get_packed()' - Get a packed integer value.
1351  */
1352 
1353 static int				/* O  - Value */
asn1_get_packed(unsigned char ** buffer,unsigned char * bufend)1354 asn1_get_packed(
1355     unsigned char **buffer,		/* IO - Pointer in buffer */
1356     unsigned char *bufend)		/* I  - End of buffer */
1357 {
1358   int	value;				/* Value */
1359 
1360 
1361   if (*buffer >= bufend)
1362     return (0);
1363 
1364   value = 0;
1365 
1366   while (*buffer < bufend && (**buffer & 128))
1367   {
1368     value = (value << 7) | (**buffer & 127);
1369     (*buffer) ++;
1370   }
1371 
1372   if (*buffer < bufend)
1373   {
1374     value = (value << 7) | **buffer;
1375     (*buffer) ++;
1376   }
1377 
1378   return (value);
1379 }
1380 
1381 
1382 /*
1383  * 'asn1_get_string()' - Get a string value.
1384  */
1385 
1386 static char *				/* O  - String */
asn1_get_string(unsigned char ** buffer,unsigned char * bufend,unsigned length,char * string,size_t strsize)1387 asn1_get_string(
1388     unsigned char **buffer,		/* IO - Pointer in buffer */
1389     unsigned char *bufend,		/* I  - End of buffer */
1390     unsigned      length,		/* I  - Value length */
1391     char          *string,		/* I  - String buffer */
1392     size_t        strsize)		/* I  - String buffer size */
1393 {
1394   if (*buffer >= bufend)
1395     return (NULL);
1396 
1397   if (length > (unsigned)(bufend - *buffer))
1398     length = (unsigned)(bufend - *buffer);
1399 
1400   if (length < strsize)
1401   {
1402    /*
1403     * String is smaller than the buffer...
1404     */
1405 
1406     if (length > 0)
1407       memcpy(string, *buffer, length);
1408 
1409     string[length] = '\0';
1410   }
1411   else
1412   {
1413    /*
1414     * String is larger than the buffer...
1415     */
1416 
1417     memcpy(string, *buffer, strsize - 1);
1418     string[strsize - 1] = '\0';
1419   }
1420 
1421   if (length > 0)
1422     (*buffer) += length;
1423 
1424   return (string);
1425 }
1426 
1427 
1428 /*
1429  * 'asn1_get_type()' - Get a value type.
1430  */
1431 
1432 static int				/* O  - Type */
asn1_get_type(unsigned char ** buffer,unsigned char * bufend)1433 asn1_get_type(unsigned char **buffer,	/* IO - Pointer in buffer */
1434 	      unsigned char *bufend)	/* I  - End of buffer */
1435 {
1436   int	type;				/* Type */
1437 
1438 
1439   if (*buffer >= bufend)
1440     return (0);
1441 
1442   type = **buffer;
1443   (*buffer) ++;
1444 
1445   if ((type & 31) == 31)
1446     type = asn1_get_packed(buffer, bufend);
1447 
1448   return (type);
1449 }
1450 
1451 
1452 /*
1453  * 'asn1_set_integer()' - Set an integer value.
1454  */
1455 
1456 static void
asn1_set_integer(unsigned char ** buffer,int integer)1457 asn1_set_integer(unsigned char **buffer,/* IO - Pointer in buffer */
1458                  int           integer)	/* I  - Integer value */
1459 {
1460   **buffer = CUPS_ASN1_INTEGER;
1461   (*buffer) ++;
1462 
1463   if (integer > 0x7fffff || integer < -0x800000)
1464   {
1465     **buffer = 4;
1466     (*buffer) ++;
1467     **buffer = (unsigned char)(integer >> 24);
1468     (*buffer) ++;
1469     **buffer = (unsigned char)(integer >> 16);
1470     (*buffer) ++;
1471     **buffer = (unsigned char)(integer >> 8);
1472     (*buffer) ++;
1473     **buffer = (unsigned char)integer;
1474     (*buffer) ++;
1475   }
1476   else if (integer > 0x7fff || integer < -0x8000)
1477   {
1478     **buffer = 3;
1479     (*buffer) ++;
1480     **buffer = (unsigned char)(integer >> 16);
1481     (*buffer) ++;
1482     **buffer = (unsigned char)(integer >> 8);
1483     (*buffer) ++;
1484     **buffer = (unsigned char)integer;
1485     (*buffer) ++;
1486   }
1487   else if (integer > 0x7f || integer < -0x80)
1488   {
1489     **buffer = 2;
1490     (*buffer) ++;
1491     **buffer = (unsigned char)(integer >> 8);
1492     (*buffer) ++;
1493     **buffer = (unsigned char)integer;
1494     (*buffer) ++;
1495   }
1496   else
1497   {
1498     **buffer = 1;
1499     (*buffer) ++;
1500     **buffer = (unsigned char)integer;
1501     (*buffer) ++;
1502   }
1503 }
1504 
1505 
1506 /*
1507  * 'asn1_set_length()' - Set a value length.
1508  */
1509 
1510 static void
asn1_set_length(unsigned char ** buffer,unsigned length)1511 asn1_set_length(unsigned char **buffer,	/* IO - Pointer in buffer */
1512 		unsigned      length)	/* I  - Length value */
1513 {
1514   if (length > 255)
1515   {
1516     **buffer = 0x82;			/* 2-byte length */
1517     (*buffer) ++;
1518     **buffer = (unsigned char)(length >> 8);
1519     (*buffer) ++;
1520     **buffer = (unsigned char)length;
1521     (*buffer) ++;
1522   }
1523   else if (length > 127)
1524   {
1525     **buffer = 0x81;			/* 1-byte length */
1526     (*buffer) ++;
1527     **buffer = (unsigned char)length;
1528     (*buffer) ++;
1529   }
1530   else
1531   {
1532     **buffer = (unsigned char)length;	/* Length */
1533     (*buffer) ++;
1534   }
1535 }
1536 
1537 
1538 /*
1539  * 'asn1_set_oid()' - Set an OID value.
1540  */
1541 
1542 static void
asn1_set_oid(unsigned char ** buffer,const int * oid)1543 asn1_set_oid(unsigned char **buffer,	/* IO - Pointer in buffer */
1544              const int     *oid)	/* I  - OID value */
1545 {
1546   **buffer = CUPS_ASN1_OID;
1547   (*buffer) ++;
1548 
1549   asn1_set_length(buffer, asn1_size_oid(oid));
1550 
1551   if (oid[1] < 0)
1552   {
1553     asn1_set_packed(buffer, oid[0] * 40);
1554     return;
1555   }
1556 
1557   asn1_set_packed(buffer, oid[0] * 40 + oid[1]);
1558 
1559   for (oid += 2; *oid >= 0; oid ++)
1560     asn1_set_packed(buffer, *oid);
1561 }
1562 
1563 
1564 /*
1565  * 'asn1_set_packed()' - Set a packed integer value.
1566  */
1567 
1568 static void
asn1_set_packed(unsigned char ** buffer,int integer)1569 asn1_set_packed(unsigned char **buffer,	/* IO - Pointer in buffer */
1570 		int           integer)	/* I  - Integer value */
1571 {
1572   if (integer > 0xfffffff)
1573   {
1574     **buffer = ((integer >> 28) & 0x7f) | 0x80;
1575     (*buffer) ++;
1576   }
1577 
1578   if (integer > 0x1fffff)
1579   {
1580     **buffer = ((integer >> 21) & 0x7f) | 0x80;
1581     (*buffer) ++;
1582   }
1583 
1584   if (integer > 0x3fff)
1585   {
1586     **buffer = ((integer >> 14) & 0x7f) | 0x80;
1587     (*buffer) ++;
1588   }
1589 
1590   if (integer > 0x7f)
1591   {
1592     **buffer = ((integer >> 7) & 0x7f) | 0x80;
1593     (*buffer) ++;
1594   }
1595 
1596   **buffer = integer & 0x7f;
1597   (*buffer) ++;
1598 }
1599 
1600 
1601 /*
1602  * 'asn1_size_integer()' - Figure out the number of bytes needed for an
1603  *                         integer value.
1604  */
1605 
1606 static unsigned				/* O - Size in bytes */
asn1_size_integer(int integer)1607 asn1_size_integer(int integer)		/* I - Integer value */
1608 {
1609   if (integer > 0x7fffff || integer < -0x800000)
1610     return (4);
1611   else if (integer > 0x7fff || integer < -0x8000)
1612     return (3);
1613   else if (integer > 0x7f || integer < -0x80)
1614     return (2);
1615   else
1616     return (1);
1617 }
1618 
1619 
1620 /*
1621  * 'asn1_size_length()' - Figure out the number of bytes needed for a
1622  *                        length value.
1623  */
1624 
1625 static unsigned				/* O - Size in bytes */
asn1_size_length(unsigned length)1626 asn1_size_length(unsigned length)	/* I - Length value */
1627 {
1628   if (length > 0xff)
1629     return (3);
1630   else if (length > 0x7f)
1631     return (2);
1632   else
1633     return (1);
1634 }
1635 
1636 
1637 /*
1638  * 'asn1_size_oid()' - Figure out the number of bytes needed for an
1639  *                     OID value.
1640  */
1641 
1642 static unsigned				/* O - Size in bytes */
asn1_size_oid(const int * oid)1643 asn1_size_oid(const int *oid)		/* I - OID value */
1644 {
1645   unsigned	length;			/* Length of value */
1646 
1647 
1648   if (oid[1] < 0)
1649     return (asn1_size_packed(oid[0] * 40));
1650 
1651   for (length = asn1_size_packed(oid[0] * 40 + oid[1]), oid += 2;
1652        *oid >= 0;
1653        oid ++)
1654     length += asn1_size_packed(*oid);
1655 
1656   return (length);
1657 }
1658 
1659 
1660 /*
1661  * 'asn1_size_packed()' - Figure out the number of bytes needed for a
1662  *                        packed integer value.
1663  */
1664 
1665 static unsigned				/* O - Size in bytes */
asn1_size_packed(int integer)1666 asn1_size_packed(int integer)		/* I - Integer value */
1667 {
1668   if (integer > 0xfffffff)
1669     return (5);
1670   else if (integer > 0x1fffff)
1671     return (4);
1672   else if (integer > 0x3fff)
1673     return (3);
1674   else if (integer > 0x7f)
1675     return (2);
1676   else
1677     return (1);
1678 }
1679 
1680 
1681 /*
1682  * 'snmp_set_error()' - Set the localized error for a packet.
1683  */
1684 
1685 static void
snmp_set_error(cups_snmp_t * packet,const char * message)1686 snmp_set_error(cups_snmp_t *packet,	/* I - Packet */
1687                const char *message)	/* I - Error message */
1688 {
1689   _cups_globals_t *cg = _cupsGlobals();	/* Global data */
1690 
1691 
1692   if (!cg->lang_default)
1693     cg->lang_default = cupsLangDefault();
1694 
1695   packet->error = _cupsLangString(cg->lang_default, message);
1696 }
1697