164 lines
7.6 KiB
Diff
164 lines
7.6 KiB
Diff
|
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
|
||
|
From: Bill Fenner <fenner@gmail.com>
|
||
|
Date: Tue, 24 Aug 2021 07:55:00 -0700
|
||
|
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
|
||
|
|
||
|
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
|
||
|
Fixes by: Arista Networks
|
||
|
|
||
|
When a SET request includes a mix of delegated and
|
||
|
non-delegated requests (e.g., objects handled by master
|
||
|
agent and agentx sub-agent), the status can get lost while
|
||
|
waiting for the reply from the sub-agent. Recover the status
|
||
|
into the session from the requests even if it has already
|
||
|
been processed.
|
||
|
---
|
||
|
agent/snmp_agent.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
|
||
|
index 84fbb42b47..095ee70985 100644
|
||
|
--- a/agent/snmp_agent.c
|
||
|
+++ b/agent/snmp_agent.c
|
||
|
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
|
||
|
if (requests->status != SNMP_ERR_NOERROR &&
|
||
|
(!look_for_specific || requests->status == look_for_specific)
|
||
|
&& (look_for_specific || asp->index == 0
|
||
|
- || requests->index < asp->index)) {
|
||
|
+ || requests->index <= asp->index)) {
|
||
|
asp->index = requests->index;
|
||
|
asp->status = requests->status;
|
||
|
}
|
||
|
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
|
||
|
From: Bill Fenner <fenner@gmail.com>
|
||
|
Date: Wed, 30 Jun 2021 14:00:28 -0700
|
||
|
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
|
||
|
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
|
||
|
|
||
|
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
|
||
|
Fixes by: Arista Networks
|
||
|
---
|
||
|
agent/mibgroup/agent/nsLogging.c | 6 ++++++
|
||
|
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
|
||
|
agent/mibgroup/mibII/vacm_vars.c | 3 +++
|
||
|
agent/mibgroup/snmpv3/usmUser.c | 2 --
|
||
|
4 files changed, 23 insertions(+), 4 deletions(-)
|
||
|
|
||
|
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
|
||
|
index 9abdeb5bb7..7f4290490a 100644
|
||
|
--- a/agent/mibgroup/agent/nsLogging.c
|
||
|
+++ b/agent/mibgroup/agent/nsLogging.c
|
||
|
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||
|
continue;
|
||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||
|
table_info = netsnmp_extract_table_info(request);
|
||
|
+ if (!table_info || !table_info->indexes)
|
||
|
+ continue;
|
||
|
|
||
|
switch (table_info->colnum) {
|
||
|
case NSLOGGING_TYPE:
|
||
|
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||
|
}
|
||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||
|
table_info = netsnmp_extract_table_info(request);
|
||
|
+ if (!table_info || !table_info->indexes)
|
||
|
+ continue;
|
||
|
|
||
|
switch (table_info->colnum) {
|
||
|
case NSLOGGING_TYPE:
|
||
|
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||
|
continue;
|
||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||
|
table_info = netsnmp_extract_table_info(request);
|
||
|
+ if (!table_info || !table_info->indexes)
|
||
|
+ continue;
|
||
|
|
||
|
switch (table_info->colnum) {
|
||
|
case NSLOGGING_TYPE:
|
||
|
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
|
||
|
index cc61fce7e6..6c43210074 100644
|
||
|
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
|
||
|
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
|
||
|
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||
|
entry = (struct vacm_accessEntry *)
|
||
|
netsnmp_extract_iterator_context(request);
|
||
|
table_info = netsnmp_extract_table_info(request);
|
||
|
+ if (!table_info || !table_info->indexes)
|
||
|
+ continue;
|
||
|
|
||
|
/* Extract the authType token from the list of indexes */
|
||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||
|
+ if (idx->val_len >= sizeof(atype))
|
||
|
+ continue;
|
||
|
memset(atype, 0, sizeof(atype));
|
||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||
|
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||
|
entry = (struct vacm_accessEntry *)
|
||
|
netsnmp_extract_iterator_context(request);
|
||
|
table_info = netsnmp_extract_table_info(request);
|
||
|
+ if (!table_info || !table_info->indexes)
|
||
|
+ continue;
|
||
|
ret = SNMP_ERR_NOERROR;
|
||
|
|
||
|
switch (table_info->colnum) {
|
||
|
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||
|
* Extract the authType token from the list of indexes
|
||
|
*/
|
||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||
|
+ if (idx->val_len >= sizeof(atype))
|
||
|
+ continue;
|
||
|
memset(atype, 0, sizeof(atype));
|
||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||
|
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||
|
idx = idx->next_variable; model = *idx->val.integer;
|
||
|
idx = idx->next_variable; level = *idx->val.integer;
|
||
|
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
|
||
|
- entry->storageType = ST_NONVOLATILE;
|
||
|
- netsnmp_insert_iterator_context(request, (void*)entry);
|
||
|
+ if (entry) {
|
||
|
+ entry->storageType = ST_NONVOLATILE;
|
||
|
+ netsnmp_insert_iterator_context(request, (void*)entry);
|
||
|
+ }
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||
|
|
||
|
/* Extract the authType token from the list of indexes */
|
||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||
|
+ if (idx->val_len >= sizeof(atype))
|
||
|
+ continue;
|
||
|
memset(atype, 0, sizeof(atype));
|
||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||
|
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
|
||
|
index 469a1eba59..62c9a3d051 100644
|
||
|
--- a/agent/mibgroup/mibII/vacm_vars.c
|
||
|
+++ b/agent/mibgroup/mibII/vacm_vars.c
|
||
|
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
|
||
|
return 1;
|
||
|
}
|
||
|
groupNameL = oidIndex[0];
|
||
|
+ if ((groupNameL + 1) > (int) oidLen) {
|
||
|
+ return 1;
|
||
|
+ }
|
||
|
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
|
||
|
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
|
||
|
return 1;
|
||
|
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
|
||
|
index 0f52aaba49..0edea53cfb 100644
|
||
|
--- a/agent/mibgroup/snmpv3/usmUser.c
|
||
|
+++ b/agent/mibgroup/snmpv3/usmUser.c
|
||
|
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
|
||
|
if (usmStatusCheck(uptr)) {
|
||
|
uptr->userStatus = RS_ACTIVE;
|
||
|
} else {
|
||
|
- SNMP_FREE(engineID);
|
||
|
- SNMP_FREE(newName);
|
||
|
return SNMP_ERR_INCONSISTENTVALUE;
|
||
|
}
|
||
|
} else if (long_ret == RS_CREATEANDWAIT) {
|
||
|
|