net-snmp 3.7.0 → 3.8.0

package/.travis.yml

@@ -1,7 +1,7 @@
 language: node_js
 node_js:
-  - node
   - lts/*
+  - 14
   - 12
   - 10
   - 8

package/.vscode/launch.json

@@ -40,6 +40,24 @@
                 "1.3.6.1.2.1.1.1.0"
             ]
         },
+        {
+            "type": "node",
+            "request": "launch",
+            "name": "SNMP community get bulk",
+            "skipFiles": [
+                "<node_internals>/**"
+            ],
+            "program": "${workspaceFolder}/example/snmp-get-bulk.js",
+            "args": [
+                "-v", "2c",
+                "-c", "public",
+                "-o", "1",
+                "-r", "20",
+                "127.0.0.1",
+                "1.3.6.1.2.1.1.9",
+                "1.3.6.1.2.1.2"
+            ]
+        },
         {
             "type": "node",
             "request": "launch",

package/README.md

@@ -315,7 +315,7 @@ Actions
 - `4 -  ECouldNotDecrypt`
 - `5 -  EAuthFailure`
 - `6 -  EReqResOidNoMatch`
-- `7 -  ENonRepeaterCountMismatch`
+- `7 -  (no longer used)
 - `8 -  EOutOfOrder`
 - `9 -  EVersionNoMatch`
 - `10 -  ECommunityNoMatch`
@@ -3203,6 +3203,18 @@ Example programs are included under the module's `example` directory.
 
  * Add SHA-2 authentication support (SHA-224, SHA-256, SHA-384, SHA-512)
 
+## Version 3.7.1 - 05/06/2022
+
+ * Fix DES decrypt corruption issue
+
+## Version 3.7.2 - 05/06/2022
+
+ * Improve getBulk response handling
+
+## Version 3.8.0 - 07/06/2022
+
+ * Fix 32-bit unsigned integer writing
+
 # License
 
 Copyright (c) 2020 Mark Abrahams <mark@abrahams.co.nz>

package/index.js

@@ -11,7 +11,10 @@ var crypto = require ("crypto");
 var mibparser = require ("./lib/mib");
 var DEBUG = false;
 
-var MAX_INT32 = 2147483647;
+var MIN_SIGNED_INT32 = -2147483648;
+var MAX_SIGNED_INT32 = 2147483647;
+var MIN_UNSIGNED_INT32 = 0;
+var MAX_UNSIGNED_INT32 = 4294967295;
 
 function debug (line) {
 	if ( DEBUG ) {
@@ -265,7 +268,7 @@ var ResponseInvalidCode = {
 	4: "ECouldNotDecrypt",
 	5: "EAuthFailure",
 	6: "EReqResOidNoMatch",
-	7: "ENonRepeaterCountMismatch",
+//	7: "ENonRepeaterCountMismatch",  // no longer used
 	8: "EOutOfOrder",
 	9: "EVersionNoMatch",
 	10: "ECommunityNoMatch",
@@ -378,71 +381,26 @@ function oidInSubtree (oidString, nextString) {
 	return true;
 }
 
-/**
- ** Some SNMP agents produce integers on the wire such as 00 ff ff ff ff.
- ** The ASN.1 BER parser we use throws an error when parsing this, which we
- ** believe is correct.  So, we decided not to bother the "asn1" developer(s)
- ** with this, instead opting to work around it here.
- **
- ** If an integer is 5 bytes in length we check if the first byte is 0, and if so
- ** simply drop it and parse it like it was a 4 byte integer, otherwise throw
- ** an error since the integer is too large.
- **/
-
-function readInt (buffer) {
-	return readUint (buffer, true);
-}
-
-function readIpAddress (buffer) {
-	var bytes = buffer.readString (ObjectType.IpAddress, true);
-	if (bytes.length != 4)
-		throw new ResponseInvalidError ("Length '" + bytes.length
-				+ "' of IP address '" + bytes.toString ("hex")
-				+ "' is not 4", ResponseInvalidCode.EIp4AddressSize);
-	var value = bytes[0] + "." + bytes[1] + "." + bytes[2] + "." + bytes[3];
-	return value;
-}
-
-function readUint (buffer, isSigned) {
-	buffer.readByte ();
-	var length = buffer.readByte ();
-	var value = 0;
-	var signedBitSet = false;
-
-	// Handle BER long-form length encoding
-	if ((length & 0x80) == 0x80) {
-		var lengthOctets = (length & 0x7f);
-		length = 0;
-		for (var lengthOctet = 0; lengthOctet < lengthOctets; lengthOctet++) {
-			length *= 256;
-			length += buffer.readByte ();
-		}
+function readInt32 (buffer) {
+	var parsedInt = buffer.readInt ();
+	if ( ! Number.isInteger(parsedInt) ) {
+		throw new TypeError('Value read as integer ' + parsedInt + ' is not an integer');
 	}
-
-	if (length > 5) {
-		throw new RangeError ("Integer too long '" + length + "'");
-	} else if (length == 5) {
-		if (buffer.readByte () !== 0)
-			throw new RangeError ("Integer too long '" + length + "'");
-		length = 4;
+	if ( parsedInt < MIN_SIGNED_INT32 || parsedInt > MAX_SIGNED_INT32 ) {
+		throw new RangeError('Read integer ' + parsedInt + ' is outside the signed 32-bit range');
 	}
+	return parsedInt;
+}
 
-	for (var i = 0; i < length; i++) {
-		value *= 256;
-		value += buffer.readByte ();
-
-		if (isSigned && i <= 0) {
-			if ((value & 0x80) == 0x80) {
-				signedBitSet = true;
-			}
-		}
+function readUint32 (buffer) {
+	var parsedInt = buffer.readInt ();
+	if ( ! Number.isInteger(parsedInt) ) {
+		throw new TypeError('Value read as integer ' + parsedInt + ' is not an integer');
 	}
-	
-	if (signedBitSet) {
-		value -= 2 ** (i * 8);
+	if ( parsedInt < MIN_UNSIGNED_INT32 || parsedInt > MAX_UNSIGNED_INT32 ) {
+		throw new RangeError('Read integer ' + parsedInt + ' is outside the unsigned 32-bit range');
 	}
-
-	return value;
+	return parsedInt;
 }
 
 function readUint64 (buffer) {
@@ -451,12 +409,22 @@ function readUint64 (buffer) {
 	return value;
 }
 
+function readIpAddress (buffer) {
+	var bytes = buffer.readString (ObjectType.IpAddress, true);
+	if (bytes.length != 4)
+		throw new ResponseInvalidError ("Length '" + bytes.length
+				+ "' of IP address '" + bytes.toString ("hex")
+				+ "' is not 4", ResponseInvalidCode.EIp4AddressSize);
+	var value = bytes[0] + "." + bytes[1] + "." + bytes[2] + "." + bytes[3];
+	return value;
+}
+
 function readVarbindValue (buffer, type) {
 	var value;
 	if (type == ObjectType.Boolean) {
 		value = buffer.readBoolean ();
 	} else if (type == ObjectType.Integer) {
-		value = readInt (buffer);
+		value = readInt32 (buffer);
 	} else if (type == ObjectType.OctetString) {
 		value = buffer.readString (null, true);
 	} else if (type == ObjectType.Null) {
@@ -468,11 +436,11 @@ function readVarbindValue (buffer, type) {
 	} else if (type == ObjectType.IpAddress) {
 		value = readIpAddress (buffer);
 	} else if (type == ObjectType.Counter) {
-		value = readUint (buffer);
+		value = readUint32 (buffer);
 	} else if (type == ObjectType.Gauge) {
-		value = readUint (buffer);
+		value = readUint32 (buffer);
 	} else if (type == ObjectType.TimeTicks) {
-		value = readUint (buffer);
+		value = readUint32 (buffer);
 	} else if (type == ObjectType.Opaque) {
 		value = buffer.readString (ObjectType.Opaque, true);
 	} else if (type == ObjectType.Counter64) {
@@ -519,10 +487,24 @@ function readVarbinds (buffer, varbinds) {
 	}
 }
 
-function writeUint (buffer, type, value) {
-	var b = Buffer.alloc (4);
-	b.writeUInt32BE (value, 0);
-	buffer.writeBuffer (b, type);
+function writeInt32 (buffer, type, value) {
+	if ( ! Number.isInteger(value) ) {
+		throw new TypeError('Value to write as integer ' + value + ' is not an integer');
+	}
+	if ( value < MIN_SIGNED_INT32 || value > MAX_SIGNED_INT32 ) {
+		throw new RangeError('Integer to write ' + value + ' is outside the signed 32-bit range');
+	}
+	buffer.writeInt(value, type);
+}
+
+function writeUint32 (buffer, type, value) {
+	if ( ! Number.isInteger(value) ) {
+		throw new TypeError('Value to write as integer ' + value + ' is not an integer');
+	}
+	if ( value < MIN_UNSIGNED_INT32 || value > MAX_UNSIGNED_INT32 ) {
+		throw new RangeError('Integer to write ' + value + ' is outside the unsigned 32-bit range');
+	}
+	buffer.writeInt(value, type);
 }
 
 function writeUint64 (buffer, value) {
@@ -544,7 +526,7 @@ function writeVarbinds (buffer, varbinds) {
 					buffer.writeBoolean (value ? true : false);
 					break;
 				case ObjectType.Integer: // also Integer32
-					buffer.writeInt (value);
+					writeInt32 (buffer, ObjectType.Integer, value);
 					break;
 				case ObjectType.OctetString:
 					if (typeof value == "string")
@@ -566,13 +548,13 @@ function writeVarbinds (buffer, varbinds) {
 					buffer.writeBuffer (Buffer.from (bytes), 64);
 					break;
 				case ObjectType.Counter: // also Counter32
-					writeUint (buffer, ObjectType.Counter, value);
+					writeUint32 (buffer, ObjectType.Counter, value);
 					break;
 				case ObjectType.Gauge: // also Gauge32 & Unsigned32
-					writeUint (buffer, ObjectType.Gauge, value);
+					writeUint32 (buffer, ObjectType.Gauge, value);
 					break;
 				case ObjectType.TimeTicks:
-					writeUint (buffer, ObjectType.TimeTicks, value);
+					writeUint32 (buffer, ObjectType.TimeTicks, value);
 					break;
 				case ObjectType.Opaque:
 					buffer.writeBuffer (value, ObjectType.Opaque);
@@ -609,11 +591,13 @@ var SimplePdu = function () {
 SimplePdu.prototype.toBuffer = function (buffer) {
 	buffer.startSequence (this.type);
 
-	buffer.writeInt (this.id);
-	buffer.writeInt ((this.type == PduType.GetBulkRequest)
+	writeInt32 (buffer, ObjectType.Integer, this.id);
+	writeInt32 (buffer, ObjectType.Integer,
+			(this.type == PduType.GetBulkRequest)
 			? (this.options.nonRepeaters || 0)
 			: 0);
-	buffer.writeInt ((this.type == PduType.GetBulkRequest)
+	writeInt32 (buffer, ObjectType.Integer,
+			(this.type == PduType.GetBulkRequest)
 			? (this.options.maxRepetitions || 0)
 			: 0);
 
@@ -633,9 +617,9 @@ SimplePdu.prototype.initializeFromBuffer = function (reader) {
 	this.type = reader.peek ();
 	reader.readSequence ();
 
-	this.id = reader.readInt ();
-	this.nonRepeaters = reader.readInt ();
-	this.maxRepetitions = reader.readInt ();
+	this.id = readInt32 (reader);
+	this.nonRepeaters = readInt32 (reader);
+	this.maxRepetitions = readInt32 (reader);
 
 	this.varbinds = [];
 	readVarbinds (reader, this.varbinds);
@@ -740,9 +724,9 @@ TrapPdu.prototype.toBuffer = function (buffer) {
 	buffer.writeOID (this.enterprise);
 	buffer.writeBuffer (Buffer.from (this.agentAddr.split (".")),
 			ObjectType.IpAddress);
-	buffer.writeInt (this.generic);
-	buffer.writeInt (this.specific);
-	writeUint (buffer, ObjectType.TimeTicks,
+	writeInt32 (buffer, ObjectType.Integer, this.generic);
+	writeInt32 (buffer, ObjectType.Integer, this.specific);
+	writeUint32 (buffer, ObjectType.TimeTicks,
 			this.upTime || Math.floor (process.uptime () * 100));
 
 	writeVarbinds (buffer, this.varbinds);
@@ -756,9 +740,9 @@ TrapPdu.createFromBuffer = function (reader) {
 
 	pdu.enterprise = reader.readOID ();
 	pdu.agentAddr = readIpAddress (reader);
-	pdu.generic = reader.readInt ();
-	pdu.specific = reader.readInt ();
-	pdu.upTime = readUint (reader);
+	pdu.generic = readInt32 (reader);
+	pdu.specific = readInt32 (reader);
+	pdu.upTime = readUint32 (reader);
 
 	pdu.varbinds = [];
 	readVarbinds (reader, pdu.varbinds);
@@ -811,9 +795,9 @@ var SimpleResponsePdu = function() {
 SimpleResponsePdu.prototype.toBuffer = function (writer) {
 	writer.startSequence (this.type);
 
-	writer.writeInt (this.id);
-	writer.writeInt (this.errorStatus || 0);
-	writer.writeInt (this.errorIndex || 0);
+	writeInt32 (writer, ObjectType.Integer, this.id);
+	writeInt32 (writer, this.errorStatus || 0);
+	writeInt32 (writer, ObjectType.Integer, this.errorIndex || 0);
 	writeVarbinds (writer, this.varbinds);
 	writer.endSequence ();
 
@@ -822,9 +806,9 @@ SimpleResponsePdu.prototype.toBuffer = function (writer) {
 SimpleResponsePdu.prototype.initializeFromBuffer = function (reader) {
 	reader.readSequence (this.type);
 
-	this.id = reader.readInt ();
-	this.errorStatus = reader.readInt ();
-	this.errorIndex = reader.readInt ();
+	this.id = readInt32 (reader);
+	this.errorStatus = readInt32 (reader);
+	this.errorIndex = readInt32 (reader);
 
 	this.varbinds = [];
 	readVarbinds (reader, this.varbinds);
@@ -879,7 +863,7 @@ var readPdu = function (reader, scoped) {
 	var contextEngineID;
 	var contextName;
 	if ( scoped ) {
-		reader.readSequence ();
+		reader = new ber.Reader (reader.readString (ber.Sequence | ber.Constructor, true));
 		contextEngineID = reader.readString (ber.OctetString, true);
 		contextName = reader.readString ();
 	}
@@ -1051,9 +1035,9 @@ Encryption.encryptPdu = function (privProtocol, scopedPdu, privPassword, authPro
 	return encryptFunction (scopedPdu, privProtocol, privPassword, authProtocol, engine);
 };
 
-Encryption.decryptPdu = function (privProtocol, encryptedPdu, privParameters, privPassword, authProtocol, engine, forceAutoPaddingDisable) {
+Encryption.decryptPdu = function (privProtocol, encryptedPdu, privParameters, privPassword, authProtocol, engine) {
 	var decryptFunction = Encryption.algorithms[privProtocol].decryptPdu;
-	return decryptFunction (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine, forceAutoPaddingDisable);
+	return decryptFunction (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine);
 };
 
 Encryption.debugEncrypt = function (encryptionKey, iv, plainPdu, encryptedPdu) {
@@ -1179,7 +1163,7 @@ Encryption.encryptPduDes = function (scopedPdu, privProtocol, privPassword, auth
 	};
 };
 
-Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine, forceAutoPaddingDisable) {
+Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters, privPassword, authProtocol, engine) {
 	var des = Encryption.algorithms[PrivProtocols.des];
 	var privLocalizedKey;
 	var decryptionKey;
@@ -1203,23 +1187,9 @@ Encryption.decryptPduDes = function (encryptedPdu, privProtocol, privParameters,
 	}
 	
 	decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
-	if ( forceAutoPaddingDisable ) {
-		decipher.setAutoPadding(false);
-	}
+	decipher.setAutoPadding(false);
 	decryptedPdu = decipher.update (encryptedPdu);
-	// This try-catch is a workaround for a seemingly incorrect error condition
-	// - where sometimes a decrypt error is thrown with decipher.final()
-	// It replaces this line which should have been sufficient:
-	// decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
-	try {
-		decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
-	} catch (error) {
-		// debug("Decrypt error: " + error);
-		decipher = crypto.createDecipheriv (des.CRYPTO_ALGORITHM, decryptionKey, iv);
-		decipher.setAutoPadding(false);
-		decryptedPdu = decipher.update (encryptedPdu);
-		decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
-	}
+	decryptedPdu = Buffer.concat ([decryptedPdu, decipher.final()]);
 	// Encryption.debugDecrypt (decryptionKey, iv, encryptedPdu, decryptedPdu);
 
 	return decryptedPdu;
@@ -1349,7 +1319,7 @@ Message.prototype.toBufferCommunity = function () {
 
 	writer.startSequence ();
 
-	writer.writeInt (this.version);
+	writeInt32 (writer, ObjectType.Integer, this.version);
 	writer.writeString (this.community);
 
 	this.pdu.toBuffer (writer);
@@ -1394,16 +1364,16 @@ Message.prototype.toBufferV3 = function () {
 
 	writer.startSequence ();
 
-	writer.writeInt (this.version);
+	writeInt32 (writer, ObjectType.Integer, this.version);
 
 	// HeaderData
 	writer.startSequence ();
-	writer.writeInt (this.msgGlobalData.msgID);
-	writer.writeInt (this.msgGlobalData.msgMaxSize);
+	writeInt32 (writer, ObjectType.Integer, this.msgGlobalData.msgID);
+	writeInt32 (writer, ObjectType.Integer, this.msgGlobalData.msgMaxSize);
 	writer.writeByte (ber.OctetString);
 	writer.writeByte (1);
 	writer.writeByte (this.msgGlobalData.msgFlags);
-	writer.writeInt (this.msgGlobalData.msgSecurityModel);
+	writeInt32 (writer, ObjectType.Integer, this.msgGlobalData.msgSecurityModel);
 	writer.endSequence ();
 
 	// msgSecurityParameters
@@ -1416,8 +1386,8 @@ Message.prototype.toBufferV3 = function () {
 	} else {
 		writer.writeBuffer (this.msgSecurityParameters.msgAuthoritativeEngineID, ber.OctetString);
 	}
-	writer.writeInt (this.msgSecurityParameters.msgAuthoritativeEngineBoots);
-	writer.writeInt (this.msgSecurityParameters.msgAuthoritativeEngineTime);
+	writeInt32 (writer, ObjectType.Integer, this.msgSecurityParameters.msgAuthoritativeEngineBoots);
+	writeInt32 (writer, ObjectType.Integer, this.msgSecurityParameters.msgAuthoritativeEngineTime);
 	writer.writeString (this.msgSecurityParameters.msgUserName);
 
 	var msgAuthenticationParameters = '';
@@ -1491,23 +1461,10 @@ Message.prototype.decryptPdu = function (user, responseCb) {
 		decryptedPduReader = new ber.Reader (decryptedPdu);
 		this.pdu = readPdu(decryptedPduReader, true);
 		return true;
-	// really really occasionally the decrypt truncates a single byte
-	// causing an ASN read failure in readPdu()
-	// in this case, disabling auto padding decrypts the PDU correctly
-	// this try-catch provides the workaround for this condition
-	} catch (possibleTruncationError) {
-		try {
-			decryptedPdu = Encryption.decryptPdu(user.privProtocol, this.encryptedPdu,
-					this.msgSecurityParameters.msgPrivacyParameters, user.privKey, user.authProtocol,
-					this.msgSecurityParameters.msgAuthoritativeEngineID, true);
-			decryptedPduReader = new ber.Reader (decryptedPdu);
-			this.pdu = readPdu(decryptedPduReader, true);
-			return true;
-		} catch (error) {
-			responseCb (new ResponseInvalidError ("Failed to decrypt PDU: " + error,
-					ResponseInvalidCode.ECouldNotDecrypt));
-			return false;
-		}
+	} catch (error) {
+		responseCb (new ResponseInvalidError ("Failed to decrypt PDU: " + error,
+				ResponseInvalidCode.ECouldNotDecrypt));
+		return false;
 	}
 
 };
@@ -1690,7 +1647,7 @@ Message.createFromBuffer = function (buffer, user) {
 
 	reader.readSequence ();
 
-	message.version = reader.readInt ();
+	message.version = readInt32 (reader);
 
 	if (message.version != 3) {
 		message.community = reader.readString ();
@@ -1699,18 +1656,18 @@ Message.createFromBuffer = function (buffer, user) {
 		// HeaderData
 		message.msgGlobalData = {};
 		reader.readSequence ();
-		message.msgGlobalData.msgID = reader.readInt ();
-		message.msgGlobalData.msgMaxSize = reader.readInt ();
+		message.msgGlobalData.msgID = readInt32 (reader);
+		message.msgGlobalData.msgMaxSize = readInt32 (reader);
 		message.msgGlobalData.msgFlags = reader.readString (ber.OctetString, true)[0];
-		message.msgGlobalData.msgSecurityModel = reader.readInt ();
+		message.msgGlobalData.msgSecurityModel = readInt32 (reader);
 
 		// msgSecurityParameters
 		message.msgSecurityParameters = {};
 		var msgSecurityParametersReader = new ber.Reader (reader.readString (ber.OctetString, true));
 		msgSecurityParametersReader.readSequence ();
 		message.msgSecurityParameters.msgAuthoritativeEngineID = msgSecurityParametersReader.readString (ber.OctetString, true);
-		message.msgSecurityParameters.msgAuthoritativeEngineBoots = msgSecurityParametersReader.readInt ();
-		message.msgSecurityParameters.msgAuthoritativeEngineTime = msgSecurityParametersReader.readInt ();
+		message.msgSecurityParameters.msgAuthoritativeEngineBoots = readInt32 (msgSecurityParametersReader);
+		message.msgSecurityParameters.msgAuthoritativeEngineTime = readInt32 (msgSecurityParametersReader);
 		message.msgSecurityParameters.msgUserName = msgSecurityParametersReader.readString ();
 		message.msgSecurityParameters.msgAuthenticationParameters = msgSecurityParametersReader.readString (ber.OctetString, true);
 		message.msgSecurityParameters.msgPrivacyParameters = Buffer.from(msgSecurityParametersReader.readString (ber.OctetString, true));
@@ -1895,6 +1852,7 @@ Session.prototype.get = function (oids, responseCb) {
 
 Session.prototype.getBulk = function () {
 	var oids, nonRepeaters, maxRepetitions, responseCb;
+	var reportOidMismatchErrors = this.reportOidMismatchErrors;
 	var backwardsGetNexts = this.backwardsGetNexts;
 
 	if (arguments.length >= 4) {
@@ -1916,71 +1874,59 @@ Session.prototype.getBulk = function () {
 
 	function feedCb (req, message) {
 		var pdu = message.pdu;
+		var reqVarbinds = req.message.pdu.varbinds;
 		var varbinds = [];
 		var i = 0;
 
-		// first walk through and grab non-repeaters
-		if (pdu.varbinds.length < nonRepeaters) {
-			req.responseCb (new ResponseInvalidError ("Varbind count in "
-					+ "response '" + pdu.varbinds.length + "' is less than "
-					+ "non-repeaters '" + nonRepeaters + "' in request",
-					ResponseInvalidCode.ENonRepeaterCountMismatch));
-			return;
-		} else {
-			for ( ; i < nonRepeaters; i++) {
-				if (isVarbindError (pdu.varbinds[i])) {
-					varbinds.push (pdu.varbinds[i]);
-				} else if (! oidFollowsOid (req.message.pdu.varbinds[i].oid,
-						pdu.varbinds[i].oid)) {
-					req.responseCb (new ResponseInvalidError ("OID '"
-							+ req.message.pdu.varbinds[i].oid + "' in request at "
-							+ "positiion '" + i + "' does not precede "
-							+ "OID '" + pdu.varbinds[i].oid + "' in response "
+		for ( ; i < reqVarbinds.length && i < pdu.varbinds.length; i++) {
+			if (isVarbindError (pdu.varbinds[i])) {
+				if ( reportOidMismatchErrors && reqVarbinds[i].oid != pdu.varbinds[i].oid ) {
+					req.responseCb (new ResponseInvalidError ("OID '" + reqVarbinds[i].oid
+							+ "' in request at position '" + i + "' does not "
+							+ "match OID '" + pdu.varbinds[i].oid + "' in response "
+							+ "at position '" + i + "'", ResponseInvalidCode.EReqResOidNoMatch));
+					return;
+				}
+			} else {
+				if ( ! backwardsGetNexts && ! oidFollowsOid (reqVarbinds[i].oid, pdu.varbinds[i].oid)) {
+					req.responseCb (new ResponseInvalidError ("OID '" + reqVarbinds[i].oid
+							+ "' in request at positiion '" + i + "' does not "
+							+ "precede OID '" + pdu.varbinds[i].oid + "' in response "
 							+ "at position '" + i + "'", ResponseInvalidCode.EOutOfOrder));
 					return;
-				} else {
-					varbinds.push (pdu.varbinds[i]);
 				}
 			}
+			if (i < nonRepeaters)
+				varbinds.push (pdu.varbinds[i]);
+			else
+				varbinds.push ([pdu.varbinds[i]]);
 		}
 
-		var repeaters = req.message.pdu.varbinds.length - nonRepeaters;
+		var repeaters = reqVarbinds.length - nonRepeaters;
 
-		// secondly walk through and grab repeaters
-		if (pdu.varbinds.length % (repeaters)) {
-			req.responseCb (new ResponseInvalidError ("Varbind count in "
-					+ "response '" + pdu.varbinds.length + "' is not a "
-					+ "multiple of repeaters '" + repeaters
-					+ "' plus non-repeaters '" + nonRepeaters + "' in request",
-					ResponseInvalidCode.ENonRepeaterCountMismatch));
-		} else {
-			while (i < pdu.varbinds.length) {
-				for (var j = 0; j < repeaters; j++, i++) {
-					var reqIndex = nonRepeaters + j;
-					var respIndex = i;
-
-					if (isVarbindError (pdu.varbinds[respIndex])) {
-						if (! varbinds[reqIndex])
-							varbinds[reqIndex] = [];
-						varbinds[reqIndex].push (pdu.varbinds[respIndex]);
-					} else if ( ! backwardsGetNexts && ! oidFollowsOid (
-							req.message.pdu.varbinds[reqIndex].oid,
-							pdu.varbinds[respIndex].oid)) {
-						req.responseCb (new ResponseInvalidError ("OID '"
-								+ req.message.pdu.varbinds[reqIndex].oid
-								+ "' in request at position '" + (reqIndex)
-								+ "' does not precede OID '"
-								+ pdu.varbinds[respIndex].oid
-								+ "' in response at position '" + (respIndex) + "'",
-								ResponseInvalidCode.EOutOfOrder));
-						return;
-					} else {
-						if (! varbinds[reqIndex])
-							varbinds[reqIndex] = [];
-						varbinds[reqIndex].push (pdu.varbinds[respIndex]);
-					}
+		for ( ; i < pdu.varbinds.length; i++) {
+			var reqIndex = (i - nonRepeaters) % repeaters + nonRepeaters;
+			var prevIndex = i - repeaters;
+			var prevOid = pdu.varbinds[prevIndex].oid;
+
+			if (isVarbindError (pdu.varbinds[i])) {
+				if ( reportOidMismatchErrors && prevOid != pdu.varbinds[i].oid ) {
+					req.responseCb (new ResponseInvalidError ("OID '" + prevOid
+							+ "' in response at position '" + prevIndex + "' does not "
+							+ "match OID '" + pdu.varbinds[i].oid + "' in response "
+							+ "at position '" + i + "'", ResponseInvalidCode.EReqResOidNoMatch));
+					return;
+				}
+			} else {
+				if ( ! backwardsGetNexts && ! oidFollowsOid (prevOid, pdu.varbinds[i].oid)) {
+					req.responseCb (new ResponseInvalidError ("OID '" + prevOid
+							+ "' in response at positiion '" + prevIndex + "' does not "
+							+ "precede OID '" + pdu.varbinds[i].oid + "' in response "
+							+ "at position '" + i + "'", ResponseInvalidCode.EOutOfOrder));
+					return;
 				}
 			}
+			varbinds[reqIndex].push (pdu.varbinds[i]);
 		}
 
 		req.responseCb (null, varbinds);
@@ -4454,7 +4400,7 @@ Mib.convertOidToAddress = function (oid) {
 			throw new RangeError('object identifier component ' +
 				address[i] + ' is negative');
 		}
-		if (n > MAX_INT32) {
+		if (n > MAX_SIGNED_INT32) {
 			throw new RangeError('object identifier component ' +
 				address[i] + ' is too large');
 		}
@@ -6268,8 +6214,8 @@ exports.RequestTimedOutError = RequestTimedOutError;
  ** Added for testing
  **/
 exports.ObjectParser = {
-	readInt: readInt,
-	readUint: readUint,
+	readInt32: readInt32,
+	readUint32: readUint32,
 	readVarbindValue: readVarbindValue
 };
 exports.Authentication = Authentication;

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "net-snmp",
-  "version": "3.7.0",
+  "version": "3.8.0",
   "description": "JavaScript implementation of the Simple Network Management Protocol (SNMP)",
   "main": "index.js",
   "directories": {
     "example": "example"
   },
   "dependencies": {
-    "asn1-ber": "*",
+    "asn1-ber": "^1.2.0",
     "smart-buffer": "^4.1.0"
   },
   "devDependencies": {