rpms/net-snmp
8
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix crash caused by small buffer size

Browse Source
This commit is contained in:
Josef Řídký 2021-01-28 14:19:56 +01:00
parent 4efbf707c2
commit 47adcde62f
2 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
net-snmp-5.9-ssl-buffer-size.patch Normal file
View File

@ -0,0 +1,67 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-01-28 14:10:05.993443671 +0100
+++ b/snmplib/snmp_openssl.c 2021-01-28 14:17:52.531088559 +0100
@@ -284,31 +284,29 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space + 1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
-
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +477,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +497,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

3
net-snmp.spec
View File

@ -55,6 +55,7 @@ Patch25: net-snmp-5.8-clientaddr-error-message.patch
Patch26: net-snmp-5.8-empty-passphrase.patch Patch26: net-snmp-5.8-empty-passphrase.patch
Patch27: net-snmp-5.9-ECC-cert.patch Patch27: net-snmp-5.9-ECC-cert.patch
Patch28: net-snmp-5.9-intermediate-certs.patch Patch28: net-snmp-5.9-intermediate-certs.patch
Patch29: net-snmp-5.9-ssl-buffer-size.patch
# Modern RPM API means at least EL6 # Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -234,6 +235,7 @@ cp %{SOURCE10} .
%patch26 -p1 -b .empty-passphrase %patch26 -p1 -b .empty-passphrase
%patch27 -p1 -b .ECC-cert %patch27 -p1 -b .ECC-cert
%patch28 -p1 -b .intermediate-certs %patch28 -p1 -b .intermediate-certs
%patch29 -p1 -b .ssl-buffer-size
%patch101 -p1 -b .modern-rpm-api %patch101 -p1 -b .modern-rpm-api
%patch102 -p1 %patch102 -p1
@ -504,6 +506,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6 * Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates - add support for digests detected from ECC certificates
- add support for intermediate certificates - add support for intermediate certificates
- fix crash caused by small buffer size
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild