fix invalid access to memory in tcpListenerTable Resolves: #551030
This commit is contained in:
parent
f055f648cc
commit
08fd4f5c67
60
net-snmp-5.5-tcp-pid.patch
Normal file
60
net-snmp-5.5-tcp-pid.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
551030 - Memory corruption in TCP-MIB::tcpListenerProcess
|
||||||
|
|
||||||
|
Source: upstream, SVN rev. 17861
|
||||||
|
|
||||||
|
CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB
|
||||||
|
|
||||||
|
diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||||||
|
index 7259bf8..e274d19 100644
|
||||||
|
--- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||||||
|
+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||||||
|
@@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx *
|
||||||
|
/*
|
||||||
|
* TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup.
|
||||||
|
*/
|
||||||
|
+ netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
|
||||||
|
+ rowreq_ctx->data = NULL;
|
||||||
|
} /* tcpConnectionTable_rowreq_ctx_cleanup */
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||||||
|
index 807dd9d..fec6bef 100644
|
||||||
|
--- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||||||
|
+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||||||
|
@@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container)
|
||||||
|
* free the container. we've either claimed each entry, or released it,
|
||||||
|
* so the dal function doesn't need to clear the container.
|
||||||
|
*/
|
||||||
|
- netsnmp_access_tcpconn_container_free(raw_data, 0);
|
||||||
|
+ netsnmp_access_tcpconn_container_free(raw_data,
|
||||||
|
+ NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
|
||||||
|
|
||||||
|
DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load",
|
||||||
|
"%d records\n", (int)CONTAINER_SIZE(container)));
|
||||||
|
diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||||||
|
index f3009dd..ebd672b 100644
|
||||||
|
--- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||||||
|
+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||||||
|
@@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx *
|
||||||
|
/*
|
||||||
|
* TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup.
|
||||||
|
*/
|
||||||
|
+ netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
|
||||||
|
+ rowreq_ctx->data = NULL;
|
||||||
|
} /* tcpListenerTable_rowreq_ctx_cleanup */
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||||||
|
index 09ba655..b25d5db 100644
|
||||||
|
--- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||||||
|
+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||||||
|
@@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container)
|
||||||
|
* free the container. we've either claimed each entry, or released it,
|
||||||
|
* so the dal function doesn't need to clear the container.
|
||||||
|
*/
|
||||||
|
- netsnmp_access_tcpconn_container_free(raw_data, 0);
|
||||||
|
+ netsnmp_access_tcpconn_container_free(raw_data,
|
||||||
|
+ NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
|
||||||
|
|
||||||
|
DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load",
|
||||||
|
"%d records\n", (int)CONTAINER_SIZE(container)));
|
@ -11,7 +11,7 @@
|
|||||||
Summary: A collection of SNMP protocol tools and libraries
|
Summary: A collection of SNMP protocol tools and libraries
|
||||||
Name: net-snmp
|
Name: net-snmp
|
||||||
Version: 5.5
|
Version: 5.5
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
|
|
||||||
License: BSD and MIT
|
License: BSD and MIT
|
||||||
@ -32,6 +32,7 @@ Patch3: net-snmp-5.5-multilib.patch
|
|||||||
Patch4: net-snmp-5.5-sensors3.patch
|
Patch4: net-snmp-5.5-sensors3.patch
|
||||||
Patch5: net-snmp-5.5-udptable-index.patch
|
Patch5: net-snmp-5.5-udptable-index.patch
|
||||||
Patch6: net-snmp-5.5-missing-bcast.patch
|
Patch6: net-snmp-5.5-missing-bcast.patch
|
||||||
|
Patch7: net-snmp-5.5-tcp-pid.patch
|
||||||
|
|
||||||
Requires(post): chkconfig
|
Requires(post): chkconfig
|
||||||
Requires(preun): chkconfig
|
Requires(preun): chkconfig
|
||||||
@ -163,6 +164,7 @@ Net-SNMP toolkit library.
|
|||||||
%patch4 -p1 -b .sensors
|
%patch4 -p1 -b .sensors
|
||||||
%patch5 -p1 -b .udptable-index
|
%patch5 -p1 -b .udptable-index
|
||||||
%patch6 -p1 -b .missing-bcast
|
%patch6 -p1 -b .missing-bcast
|
||||||
|
%patch7 -p1 -b .tcp-pid
|
||||||
|
|
||||||
%build
|
%build
|
||||||
MIBS="host agentx smux \
|
MIBS="host agentx smux \
|
||||||
@ -404,6 +406,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
%{_datadir}/snmp/mibs/*
|
%{_datadir}/snmp/mibs/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 5 2010 Jan Safranek <jsafrane@redhat.com> - 1:5.5-8
|
||||||
|
- fix invalid access to memory in tcpListenerTable (#551030)
|
||||||
|
|
||||||
* Mon Dec 21 2009 Jan Safranek <jsafrane@redhat.com> - 1:5.5-7
|
* Mon Dec 21 2009 Jan Safranek <jsafrane@redhat.com> - 1:5.5-7
|
||||||
- fix crash with interfaces without broadcast addresses (like OpenVPN's tun0)
|
- fix crash with interfaces without broadcast addresses (like OpenVPN's tun0)
|
||||||
(#544849)
|
(#544849)
|
||||||
|
Loading…
Reference in New Issue
Block a user