Hello,
The function ber_free_elements() sets the variable ber to NULL in most
error cases and calls ber_free_elements(ber). This causes a NULL
dereference in ber_free_elements. This patch fix that problem.
bye,
Jan
Index: ber.c
===================================================================
RCS file: /cvs/src/usr.sbin/snmpd/ber.c,v
retrieving revision 1.31
diff -u -p -r1.31 ber.c
--- ber.c 5 Mar 2016 03:31:36 -0000 1.31
+++ ber.c 9 May 2016 19:20:54 -0000
@@ -847,6 +847,8 @@ ber_getpos(struct ber_element *elm)
void
ber_free_elements(struct ber_element *root)
{
+ if (root == NULL)
+ return;
if (root->be_sub && (root->be_encoding == BER_TYPE_SEQUENCE ||
root->be_encoding == BER_TYPE_SET))
ber_free_elements(root->be_sub);
