Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/net-snmp.git#8c24d14eac5f4f043a1e67ec70990de6616920bf
2021-01-18 14:54:08 +00:00 · 2021-01-18 14:54:08 +00:00 · 27be55fff2
parent e68aa2cef1
commit 27be55fff2
4 changed files with 165 additions and 1 deletions
--- a/net-snmp-5.8-asn-parse-nlength.patch
+++ b/net-snmp-5.8-asn-parse-nlength.patch
@ -0,0 +1,86 @@
+From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 4 Jan 2021 12:21:59 -0800
+Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
+
+Handle length zero correctly.
+
+Fixes: https://github.com/net-snmp/net-snmp/issues/253
+Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
+---
+ snmplib/asn1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/snmplib/asn1.c b/snmplib/asn1.c
+index e983500e7..33c272768 100644
+--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
+@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
+          * long length; first byte is length of length (after masking high bit)
+          */
+         len_len = (int) ((*pkt & ~0x80) + 1);
+-        if ((int) pkt_len <= len_len )
+        if (pkt_len < len_len)
+             return NULL;           /* still too short for length and data */
+ 
+         /* now we know we have enough data to parse length */
+From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 4 Jan 2021 10:00:33 -0800
+Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
+ test
+
+Add a reproducer for the bug fixed by the previous patch.
+---
+ .../unit-tests/T105trap_parse_clib.c          | 41 +++++++++++++++++++
+ 1 file changed, 41 insertions(+)
+ create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
+
+diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
+new file mode 100644
+index 000000000..5c21ccdc7
+--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
+@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+    /* Sequence with length of 0x2d = 45 bytes. */
+    [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+    /* version = INTEGER 0 */
+    [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+    /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+    [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+    [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+    /* SNMP_MSG_TRAP; 32 bytes. */
+    [15] = 0xa4, [16] = 0x20,
+    /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+    [17] = 0x06, [18] = 0x08,
+    [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+    [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+    /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+    [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+    [31] = 0x01, [32] = 0x22,
+    /* generic-trap = INTEGER 0 */
+    [33] = 0x02, [34] = 0x01, [35] = 0x00,
+    /* specific-trap = INTEGER 0 */
+    [36] = 0x02, [37] = 0x01, [38] = 0x00,
+    /* ASN_TIMETICKS 0x117f243a */
+    [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+    [43] = 0x24, [44] = 0x3a,
+    /* varbind list */
+    [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));
+
--- a/net-snmp-5.8-clientaddr-error-message.patch
+++ b/net-snmp-5.8-clientaddr-error-message.patch
@ -0,0 +1,35 @@
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-11-26 11:05:51.084788775 +0100
+++ b/snmplib/snmp_api.c	2020-11-26 11:08:27.850751397 +0100
+@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
+     "No error",                 /* SNMPERR_SUCCESS */
+     "Generic error",            /* SNMPERR_GENERR */
+     "Invalid local port",       /* SNMPERR_BAD_LOCPORT */
+-    "Unknown host",             /* SNMPERR_BAD_ADDRESS */
+    "Invalid address",          /* SNMPERR_BAD_ADDRESS */
+     "Unknown session",          /* SNMPERR_BAD_SESSION */
+     "Too long",                 /* SNMPERR_TOO_LONG */
+     "No socket",                /* SNMPERR_NO_SOCKET */
+@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
+         DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
+         in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
+         in_session->s_errno = errno;
+-        snmp_set_detail(in_session->peername);
+        if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
+                                    NETSNMP_DS_LIB_CLIENT_ADDR))
+            snmp_set_detail(in_session->peername);
+         return NULL;
+     }
+ 
+diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 12:51:51.948106797 +0100
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c	2021-01-06 14:17:31.029745744 +0100
+@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
+         DEBUGMSGTL(("netsnmp_udpbase",
+                     "failed to bind for clientaddr: %d %s\n",
+                     errno, strerror(errno)));
+        NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+                    strerror(errno)));
+         goto err;
+     }
+
--- a/net-snmp-5.8-empty-passphrase.patch
+++ b/net-snmp-5.8-empty-passphrase.patch
@ -0,0 +1,30 @@
+From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
+From: Josef Ridky <jridky@redhat.com>
+Date: Wed, 18 Nov 2020 20:54:34 -0800
+Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
+
+See also https://github.com/net-snmp/net-snmp/issues/86.
+
+Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
+Reported-by: Chris Cheney
+---
+ net-snmp-create-v3-user.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
+index 452c2699d..31b4c58c1 100644
+--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
+@@ -120,7 +120,11 @@ fi
+ fi
+ outdir="@PERSISTENT_DIRECTORY@"
+ outfile="$outdir/snmpd.conf"
+-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+    line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+    line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
+ echo "adding the following line to $outfile:"
+ echo "  " $line
+ # in case it hasn't ever been started yet, start it.
--- a/net-snmp.spec
+++ b/net-snmp.spec
@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.9
-Release:    3%{?dist}
+Release:    4%{?dist}
 Epoch:      1

 License:    BSD
@ -50,6 +50,9 @@ Patch20:    net-snmp-5.8-ipAddress-faster-load.patch
 Patch21:    net-snmp-5.8-rpm-memory-leak.patch
 Patch22:    net-snmp-5.9-aes-config.patch
 Patch23:    net-snmp-5.9-available-memory.patch
+Patch24:    net-snmp-5.8-asn-parse-nlength.patch
+Patch25:    net-snmp-5.8-clientaddr-error-message.patch
+Patch26:    net-snmp-5.8-empty-passphrase.patch

 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@ -63,6 +66,7 @@ Requires:        %{name}-agent-libs%{?_isa} = %{epoch}:%{version}-%{release}
 # is not valid.  We can use %%post because this particular %%triggerun script
 # should fire just after this package is installed.
 %{?systemd_requires}
+BuildRequires: make
 BuildRequires:   systemd
 BuildRequires:   gcc
 BuildRequires:   openssl-devel, bzip2-devel, elfutils-devel
@ -223,6 +227,9 @@ cp %{SOURCE10} .
 %patch21 -p1 -b .rpm-memory-leak
 %patch22 -p1 -b .aes-config
 %patch23 -p1 -b .available-memory
+%patch24 -p1 -b .asn-parse-nlength
+%patch25 -p1 -b .clientaddr-error-message
+%patch26 -p1 -b .empty-passphrase

 %patch101 -p1 -b .modern-rpm-api
 %patch102 -p1
@ -490,6 +497,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*

 %changelog
+* Mon Jan 18 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-4
+- fix issue with parsing long trap headers (#1912725)
+- fix error message when the address specified by clientaddr option
+  is wrong or cannot be bound
+- fix issue with quoting empty passphrase
+
 * Wed Nov 18 2020 Josef Ridky <jridky@redhat.com> - 1:5.9-3
 - update net-snmp-tmpfs.conf for /var/run to /run (#1893471)