update to net-snmp-5.4.2

This commit is contained in:
Jan Šafránek 2008-09-17 14:32:07 +00:00
parent b9fb5fcf10
commit 56e5e09bcc
9 changed files with 23 additions and 662 deletions

View File

@ -1 +1 @@
net-snmp-5.4.1.tar.gz
net-snmp-5.4.2.tar.gz

View File

@ -1,232 +0,0 @@
diff -up net-snmp-5.4.1/agent/mibgroup/mibII/at.c.backup_patch_5 net-snmp-5.4.1/agent/mibgroup/mibII/at.c
--- net-snmp-5.4.1/agent/mibgroup/mibII/at.c.backup_patch_5 2006-12-27 20:17:49.000000000 +0100
+++ net-snmp-5.4.1/agent/mibgroup/mibII/at.c 2008-07-25 12:53:03.000000000 +0200
@@ -128,9 +128,9 @@
#ifndef solaris2
static void ARP_Scan_Init(void);
#ifdef ARP_SCAN_FOUR_ARGUMENTS
-static int ARP_Scan_Next(u_long *, char *, u_long *, u_short *);
+static int ARP_Scan_Next(u_int *, char *, u_long *, u_short *);
#else
-static int ARP_Scan_Next(u_long *, char *, u_long *);
+static int ARP_Scan_Next(u_int *, char *, u_long *);
#endif
#endif
#endif
@@ -206,7 +206,8 @@ var_atEntry(struct variable *vp,
oid lowest[16];
oid current[16];
static char PhysAddr[6], LowPhysAddr[6];
- u_long Addr, LowAddr, foundone;
+ u_int Addr, LowAddr, foundone;
+ static int addr_ret;
#ifdef ARP_SCAN_FOUR_ARGUMENTS
u_short ifIndex, lowIfIndex = 0;
#endif /* ARP_SCAN_FOUR_ARGUMENTS */
@@ -316,9 +317,9 @@ var_atEntry(struct variable *vp,
*var_len = sizeof(LowPhysAddr);
return (u_char *) LowPhysAddr;
case IPMEDIANETADDRESS: /* also ATNETADDRESS */
- *var_len = sizeof(uint32_t);
- long_return = LowAddr;
- return (u_char *) & long_return;
+ *var_len = sizeof addr_ret;
+ addr_ret = LowAddr;
+ return (u_char *) & addr_ret;
case IPMEDIATYPE:
*var_len = sizeof long_return;
long_return = lowIfType;
@@ -709,11 +710,11 @@ ARP_Scan_Init(void)
#ifdef ARP_SCAN_FOUR_ARGUMENTS
static int
-ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType,
+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType,
u_short * ifIndex)
#else
static int
-ARP_Scan_Next(u_long * IPAddr, char *PhysAddr, u_long * ifType)
+ARP_Scan_Next(u_int * IPAddr, char *PhysAddr, u_long * ifType)
#endif
{
#ifndef NETSNMP_CAN_USE_SYSCTL
diff -up net-snmp-5.4.1/agent/mibgroup/mibII/ipCidrRouteTable_access.c.backup_patch_5 net-snmp-5.4.1/agent/mibgroup/mibII/ipCidrRouteTable_access.c
--- net-snmp-5.4.1/agent/mibgroup/mibII/ipCidrRouteTable_access.c.backup_patch_5 2003-02-22 05:19:51.000000000 +0100
+++ net-snmp-5.4.1/agent/mibgroup/mibII/ipCidrRouteTable_access.c 2008-07-25 12:53:03.000000000 +0200
@@ -22,6 +22,7 @@
/** a global static we'll make use of a lot to map to the right
datatype to return (which for SNMP integer's is always a long). */
static u_long long_ret;
+static in_addr_t addr_ret;
/*
@@ -32,18 +33,18 @@ u_long *
get_ipCidrRouteDest(void *data_context, size_t * ret_len)
{
RTENTRY *ourroute = (RTENTRY *) data_context;
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
- *ret_len = sizeof(long_ret);
- return &long_ret;
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_dst))->sin_addr.s_addr;
+ *ret_len = sizeof(addr_ret);
+ return &addr_ret;
}
u_long *
get_ipCidrRouteMask(void *data_context, size_t * ret_len)
{
RTENTRY *ourroute = (RTENTRY *) data_context;
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
- *ret_len = sizeof(long_ret);
- return &long_ret;
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_genmask))->sin_addr.s_addr;
+ *ret_len = sizeof(addr_ret);
+ return &addr_ret;
}
long *
@@ -59,9 +60,9 @@ u_long *
get_ipCidrRouteNextHop(void *data_context, size_t * ret_len)
{
RTENTRY *ourroute = (RTENTRY *) data_context;
- long_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
- *ret_len = sizeof(long_ret);
- return &long_ret;
+ addr_ret = ((struct sockaddr_in *) (&ourroute->rt_gateway))->sin_addr.s_addr;
+ *ret_len = sizeof(addr_ret);
+ return &addr_ret;
}
long *
diff -up net-snmp-5.4.1/agent/mibgroup/mibII/var_route.c.backup_patch_5 net-snmp-5.4.1/agent/mibgroup/mibII/var_route.c
--- net-snmp-5.4.1/agent/mibgroup/mibII/var_route.c.backup_patch_5 2006-11-07 00:43:27.000000000 +0100
+++ net-snmp-5.4.1/agent/mibgroup/mibII/var_route.c 2008-07-25 12:53:03.000000000 +0200
@@ -434,6 +434,7 @@ var_ipRouteEntry(struct variable * vp,
static oid saveName[MAX_OID_LEN], Current[MAX_OID_LEN];
u_char *cp;
oid *op;
+ static in_addr_t addr_ret;
#if NEED_KLGETSA
struct sockaddr_in *sa;
#endif
@@ -538,13 +539,13 @@ var_ipRouteEntry(struct variable * vp,
switch (vp->magic) {
case IPROUTEDEST:
- *var_len = sizeof(uint32_t);
+ *var_len = sizeof(addr_ret);
#if NEED_KLGETSA
sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_dst);
return (u_char *) & (sa->sin_addr.s_addr);
#elif defined(hpux11)
- long_return = rt[RtIndex].Dest;
- return (u_char *) & long_return;
+ addr_ret = rt[RtIndex].Dest;
+ return (u_char *) & addr_ret;
#else
return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
rt_dst)->sin_addr.s_addr;
@@ -597,13 +598,13 @@ var_ipRouteEntry(struct variable * vp,
long_return = -1;
return (u_char *) & long_return;
case IPROUTENEXTHOP:
- *var_len = sizeof(uint32_t);
+ *var_len = sizeof(addr_ret);
#if NEED_KLGETSA
sa = klgetsa((struct sockaddr_in *) rthead[RtIndex]->rt_gateway);
return (u_char *) & (sa->sin_addr.s_addr);
#elif defined(hpux11)
- long_return = rt[RtIndex].NextHop;
- return (u_char *) & long_return;
+ addr_ret = rt[RtIndex].NextHop;
+ return (u_char *) & addr_ret;
#else
return (u_char *) & ((struct sockaddr_in *) &rthead[RtIndex]->
rt_gateway)->sin_addr.s_addr;
@@ -649,14 +650,14 @@ var_ipRouteEntry(struct variable * vp,
#if NETSNMP_NO_DUMMY_VALUES
return NULL;
#endif
- long_return = 0;
+ addr_ret = 0;
#elif defined(hpux11)
- long_return = rt[RtIndex].Mask;
- return (u_char *) & long_return;
+ addr_ret = rt[RtIndex].Mask;
+ return (u_char *) & addr_ret;
#else /* !NEED_KLGETSA && !hpux11 */
if (((struct sockaddr_in *) &rthead[RtIndex]->rt_dst)->sin_addr.
s_addr == 0)
- long_return = 0; /* Default route */
+ addr_ret = 0; /* Default route */
else {
#ifndef linux
if (!NETSNMP_KLOOKUP(rthead[RtIndex]->rt_ifp,
@@ -681,7 +682,7 @@ var_ipRouteEntry(struct variable * vp,
#endif /* linux */
}
#endif /* NEED_KLGETSA */
- return (u_char *) & long_return;
+ return (u_char *) & addr_ret;
case IPROUTEINFO:
*var_len = nullOidLen;
return (u_char *) nullOid;
diff -up net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass.c.backup_patch_5 net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass.c
--- net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass.c.backup_patch_5 2005-08-18 02:44:02.000000000 +0200
+++ net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass.c 2008-07-25 12:53:03.000000000 +0200
@@ -287,6 +287,7 @@ var_extensible_pass(struct variable *vp,
oid newname[MAX_OID_LEN];
int i, rtest, fd, newlen;
static long long_ret;
+ static in_addr_t addr_ret;
char buf[SNMP_MAXBUF];
static char buf2[SNMP_MAXBUF];
static oid objid[MAX_OID_LEN];
@@ -412,13 +413,13 @@ var_extensible_pass(struct variable *vp,
*var_len = 0;
return (NULL);
}
- long_ret =
+ addr_ret =
(objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
(objid[2] << 8) + objid[3];
- long_ret = htonl(long_ret);
- *var_len = sizeof(long_ret);
+ addr_ret = htonl(addr_ret);
+ *var_len = sizeof(addr_ret);
vp->type = ASN_IPADDRESS;
- return ((unsigned char *) &long_ret);
+ return ((unsigned char *) &addr_ret);
}
}
*var_len = 0;
diff -up net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass_persist.c.backup_patch_5 net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass_persist.c
--- net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass_persist.c.backup_patch_5 2006-10-18 04:59:10.000000000 +0200
+++ net-snmp-5.4.1/agent/mibgroup/ucd-snmp/pass_persist.c 2008-07-25 12:53:03.000000000 +0200
@@ -218,6 +218,7 @@ var_extensible_pass_persist(struct varia
oid newname[MAX_OID_LEN];
int i, rtest, newlen;
static long long_ret;
+ static in_addr_t addr_ret;
char buf[SNMP_MAXBUF];
static char buf2[SNMP_MAXBUF];
static oid objid[MAX_OID_LEN];
@@ -366,13 +367,13 @@ var_extensible_pass_persist(struct varia
*var_len = 0;
return (NULL);
}
- long_ret =
+ addr_ret =
(objid[0] << (8 * 3)) + (objid[1] << (8 * 2)) +
(objid[2] << 8) + objid[3];
- long_ret = htonl(long_ret);
- *var_len = sizeof(long_ret);
+ addr_ret = htonl(addr_ret);
+ *var_len = sizeof(addr_ret);
vp->type = ASN_IPADDRESS;
- return ((unsigned char *) &long_ret);
+ return ((unsigned char *) &addr_ret);
}
}
*var_len = 0;

View File

@ -1,13 +0,0 @@
diff -up net-snmp-5.4.1/agent/mibgroup/agent/extend.c.backup_patch_14 net-snmp-5.4.1/agent/mibgroup/agent/extend.c
--- net-snmp-5.4.1/agent/mibgroup/agent/extend.c.backup_patch_14 2007-07-06 17:32:59.000000000 +0200
+++ net-snmp-5.4.1/agent/mibgroup/agent/extend.c 2008-07-25 12:53:44.000000000 +0200
@@ -450,6 +450,9 @@ extend_parse_config(const char *token, c
extension->command = strdup( exec_command );
if (cptr)
extension->args = strdup( cptr );
+ } else {
+ snmp_log(LOG_ERR, "Duplicate MIBOID '%s' detected in exec statement, only the first one will be used.\n", exec_name);
+ return;
}
#ifndef USING_UCD_SNMP_EXTENSIBLE_MODULE

View File

@ -1,19 +0,0 @@
447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
Reviewed-by: Jan Safranek <jsafrane@redhat.com>
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
diff -up net-snmp-5.4.1/snmplib/scapi.c.backup_patch_17 net-snmp-5.4.1/snmplib/scapi.c
--- net-snmp-5.4.1/snmplib/scapi.c.backup_patch_17 2006-09-15 14:47:01.000000000 +0200
+++ net-snmp-5.4.1/snmplib/scapi.c 2008-07-25 12:54:00.000000000 +0200
@@ -562,6 +562,9 @@ sc_check_keyed_hash(const oid * authtype
QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
}
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
+ }
/*
* Generate a full hash of the message, then compare

View File

@ -1,215 +0,0 @@
diff -up net-snmp-5.4.1/apps/snmptrapd_log.c.backup_patch_12 net-snmp-5.4.1/apps/snmptrapd_log.c
--- net-snmp-5.4.1/apps/snmptrapd_log.c.backup_patch_12 2007-05-31 16:39:14.000000000 +0200
+++ net-snmp-5.4.1/apps/snmptrapd_log.c 2008-07-25 12:53:41.000000000 +0200
@@ -626,6 +626,8 @@ realloc_handle_ip_fmt(u_char ** buf, siz
char fmt_cmd = options->cmd; /* what we're formatting */
u_char *temp_buf = NULL;
size_t temp_buf_len = 64, temp_out_len = 0;
+ char *tstr;
+ unsigned int oflags;
if ((temp_buf = calloc(temp_buf_len, 1)) == NULL) {
return 0;
@@ -681,130 +683,59 @@ realloc_handle_ip_fmt(u_char ** buf, siz
* Write the numerical transport information.
*/
if (transport != NULL && transport->f_fmtaddr != NULL) {
- char *tstr =
- transport->f_fmtaddr(transport, pdu->transport_data,
- pdu->transport_data_length);
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
- if (tstr != NULL) {
- free(tstr);
- }
- if (temp_buf != NULL) {
- free(temp_buf);
- }
+ oflags = transport->flags;
+ transport->flags &= ~NETSNMP_TRANSPORT_FLAG_HOSTNAME;
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
+ pdu->transport_data_length);
+ transport->flags = oflags;
+
+ if (!tstr) goto noip;
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
+ 1, (u_char *)tstr)) {
+ SNMP_FREE(temp_buf);
+ SNMP_FREE(tstr);
return 0;
}
- if (tstr != NULL) {
- free(tstr);
- }
+ SNMP_FREE(tstr);
} else {
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
- (const u_char*)"<UNKNOWN>")) {
- if (temp_buf != NULL) {
- free(temp_buf);
- }
+noip:
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
+ (const u_char*)"<UNKNOWN>")) {
+ SNMP_FREE(temp_buf);
return 0;
- }
+ }
}
break;
- /*
- * Write a host name.
- */
case CHR_PDU_NAME:
/*
- * Right, apparently a name lookup is wanted. This is only reasonable
- * for the UDP and TCP transport domains (we don't want to try to be
- * too clever here).
+ * Try to convert the numerical transport information
+ * into a hostname. Or rather, have the transport-specific
+ * address formatting routine do this.
+ * Otherwise falls back to the numeric address format.
*/
-#ifdef NETSNMP_TRANSPORT_TCP_DOMAIN
- if (transport != NULL && (transport->domain == netsnmpUDPDomain ||
- transport->domain ==
- netsnmp_snmpTCPDomain)) {
-#else
- if (transport != NULL && transport->domain == netsnmpUDPDomain) {
-#endif
- /*
- * This is kind of bletcherous -- it breaks the opacity of
- * transport_data but never mind -- the alternative is a lot of
- * munging strings from f_fmtaddr.
- */
-typedef struct netsnmp_udp_addr_pair_s { /* From snmpUDPDomain.c */
- struct sockaddr_in remote_addr;
- struct in_addr local_addr;
-} netsnmp_udp_addr_pair;
-
- netsnmp_udp_addr_pair *addr =
- (netsnmp_udp_addr_pair *) pdu->transport_data;
- if (addr != NULL
- && pdu->transport_data_length ==
- sizeof(netsnmp_udp_addr_pair)) {
- if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_APP_NUMERIC_IP)) {
- host =
- gethostbyaddr((char *) &(addr->remote_addr.sin_addr),
- sizeof(struct in_addr), AF_INET);
- }
- if (host != NULL) {
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
- (u_char *)host->h_name)) {
- if (temp_buf != NULL) {
- free(temp_buf);
- }
- return 0;
- }
- } else {
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
- (u_char *)inet_ntoa(addr->remote_addr.sin_addr))) {
- if (temp_buf != NULL) {
- free(temp_buf);
- }
- return 0;
- }
- }
- } else {
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
- (const u_char*)"<UNKNOWN>")) {
- if (temp_buf != NULL) {
- free(temp_buf);
- }
- return 0;
- }
- }
- } else if (transport != NULL && transport->f_fmtaddr != NULL) {
- /*
- * Some other domain for which we do not know how to do a name
- * lookup. Fall back to the formatted transport address.
- */
- char *tstr =
- transport->f_fmtaddr(transport, pdu->transport_data,
- pdu->transport_data_length);
- if (!snmp_strcat
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
- if (tstr != NULL) {
- free(tstr);
- }
- if (temp_buf != NULL) {
- free(temp_buf);
- }
+ if (transport != NULL && transport->f_fmtaddr != NULL) {
+ oflags = transport->flags;
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ NETSNMP_DS_APP_NUMERIC_IP))
+ transport->flags |= NETSNMP_TRANSPORT_FLAG_HOSTNAME;
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
+ pdu->transport_data_length);
+ transport->flags = oflags;
+
+ if (!tstr) goto nohost;
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
+ 1, (u_char *)tstr)) {
+ SNMP_FREE(temp_buf);
+ SNMP_FREE(tstr);
return 0;
}
- if (tstr != NULL) {
- free(tstr);
- }
- } else {
- /*
- * We are kind of stuck!
- */
+ SNMP_FREE(tstr);
+ } else {
+nohost:
if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
(const u_char*)"<UNKNOWN>")) {
- if (temp_buf != NULL) {
- free(temp_buf);
- }
+ SNMP_FREE(temp_buf);
return 0;
}
}
diff -up net-snmp-5.4.1/include/net-snmp/library/snmp_transport.h.backup_patch_12 net-snmp-5.4.1/include/net-snmp/library/snmp_transport.h
--- net-snmp-5.4.1/include/net-snmp/library/snmp_transport.h.backup_patch_12 2006-10-27 22:19:44.000000000 +0200
+++ net-snmp-5.4.1/include/net-snmp/library/snmp_transport.h 2008-07-25 12:53:41.000000000 +0200
@@ -19,6 +19,7 @@ extern "C" {
#define NETSNMP_TRANSPORT_FLAG_STREAM 0x01
#define NETSNMP_TRANSPORT_FLAG_LISTEN 0x02
#define NETSNMP_TRANSPORT_FLAG_TUNNELED 0x04
+#define NETSNMP_TRANSPORT_FLAG_HOSTNAME 0x80 /* for fmtaddr hook */
/* The standard SNMP domains. */
diff -up net-snmp-5.4.1/snmplib/snmpUDPDomain.c.backup_patch_12 net-snmp-5.4.1/snmplib/snmpUDPDomain.c
--- net-snmp-5.4.1/snmplib/snmpUDPDomain.c.backup_patch_12 2007-06-11 00:15:24.000000000 +0200
+++ net-snmp-5.4.1/snmplib/snmpUDPDomain.c 2008-07-25 12:53:41.000000000 +0200
@@ -90,6 +90,7 @@ static char *
netsnmp_udp_fmtaddr(netsnmp_transport *t, void *data, int len)
{
netsnmp_udp_addr_pair *addr_pair = NULL;
+ struct hostent *host;
if (data != NULL && len == sizeof(netsnmp_udp_addr_pair)) {
addr_pair = (netsnmp_udp_addr_pair *) data;
@@ -107,6 +108,10 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t
return strdup("UDP: unknown");
}
+ if ( t && t->flags & NETSNMP_TRANSPORT_FLAG_HOSTNAME ) {
+ host = gethostbyaddr((char *)&to->sin_addr, 4, AF_INET);
+ return (host ? strdup(host->h_name) : NULL);
+ }
sprintf(tmp, "UDP: [%s]:%hu",
inet_ntoa(to->sin_addr), ntohs(to->sin_port));
return strdup(tmp);

View File

@ -1,44 +0,0 @@
452131: net-snmp-perl is broken for 5.10, cannot set oids
Source: jbjohnso@us.ibm.com, accepted upstream, SVN rev. 17097
diff -urN net-snmp-5.4.1/perl/SNMP/SNMP.xs net-snmp-5.4.1-f9fix/perl/SNMP/SNMP.xs
diff -up net-snmp-5.4.1/perl/SNMP/SNMP.xs.backup_patch_19 net-snmp-5.4.1/perl/SNMP/SNMP.xs
--- net-snmp-5.4.1/perl/SNMP/SNMP.xs.backup_patch_19 2008-07-25 12:54:02.000000000 +0200
+++ net-snmp-5.4.1/perl/SNMP/SNMP.xs 2008-07-25 12:54:05.000000000 +0200
@@ -3072,7 +3072,7 @@ snmp_set(sess_ref, varlist_ref, perl_cal
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
(varbind_val_f && SvOK(*varbind_val_f) ?
SvPV(*varbind_val_f,na):NULL),
- (varbind_val_f && SvOK(*varbind_val_f) ?
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
SvCUR(*varbind_val_f):0), type);
if (verbose && res == FAILURE)
@@ -4266,7 +4266,7 @@ snmp_trapV1(sess_ref,enterprise,agent,ge
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
(varbind_val_f && SvOK(*varbind_val_f) ?
SvPV(*varbind_val_f,na):NULL),
- (varbind_val_f && SvOK(*varbind_val_f) ?
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
SvCUR(*varbind_val_f):0),
type);
@@ -4424,7 +4424,7 @@ snmp_trapV2(sess_ref,uptime,trap_oid,var
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
(varbind_val_f && SvOK(*varbind_val_f) ?
SvPV(*varbind_val_f,na):NULL),
- (varbind_val_f && SvOK(*varbind_val_f) ?
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
SvCUR(*varbind_val_f):0),
type);
@@ -4563,7 +4563,7 @@ snmp_inform(sess_ref,uptime,trap_oid,var
res = __add_var_val_str(pdu, oid_arr, oid_arr_len,
(varbind_val_f && SvOK(*varbind_val_f) ?
SvPV(*varbind_val_f,na):NULL),
- (varbind_val_f && SvOK(*varbind_val_f) ?
+ (varbind_val_f && SvPOK(*varbind_val_f) ?
SvCUR(*varbind_val_f):0),
type);

View File

@ -1,107 +0,0 @@
447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
diff -up net-snmp-5.4.1/perl/SNMP/SNMP.xs.backup_patch_18 net-snmp-5.4.1/perl/SNMP/SNMP.xs
--- net-snmp-5.4.1/perl/SNMP/SNMP.xs.backup_patch_18 2007-06-19 00:28:09.000000000 +0200
+++ net-snmp-5.4.1/perl/SNMP/SNMP.xs 2008-07-25 12:54:02.000000000 +0200
@@ -470,14 +470,16 @@ int flag;
if (flag == USE_ENUMS) {
for(ep = tp->enums; ep; ep = ep->next) {
if (ep->value == *var->val.integer) {
- strcpy(buf, ep->label);
+ strncpy(buf, ep->label, buf_len);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
}
}
}
if (!len) {
- sprintf(buf,"%ld", *var->val.integer);
+ snprintf(buf, buf_len, "%ld", *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
}
break;
@@ -486,21 +488,25 @@ int flag;
case ASN_COUNTER:
case ASN_TIMETICKS:
case ASN_UINTEGER:
- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
+ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
+ buf[buf_len-1] = '\0';
len = strlen(buf);
break;
case ASN_OCTET_STR:
case ASN_OPAQUE:
- memcpy(buf, (char*)var->val.string, var->val_len);
len = var->val_len;
+ if ( len > buf_len )
+ len = buf_len;
+ memcpy(buf, (char*)var->val.string, len);
break;
case ASN_IPADDRESS:
- ip = (u_char*)var->val.string;
- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
- len = strlen(buf);
- break;
+ ip = (u_char*)var->val.string;
+ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
case ASN_NULL:
break;
@@ -512,14 +518,14 @@ int flag;
break;
case SNMP_ENDOFMIBVIEW:
- sprintf(buf,"%s", "ENDOFMIBVIEW");
- break;
+ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
+ break;
case SNMP_NOSUCHOBJECT:
- sprintf(buf,"%s", "NOSUCHOBJECT");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
+ break;
case SNMP_NOSUCHINSTANCE:
- sprintf(buf,"%s", "NOSUCHINSTANCE");
- break;
+ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
+ break;
case ASN_COUNTER64:
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
@@ -538,19 +544,19 @@ int flag;
#endif
case ASN_BIT_STR:
- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
+ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
len = strlen(buf);
break;
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case ASN_OPAQUE_FLOAT:
- if (var->val.floatVal)
- sprintf(buf,"%f", *var->val.floatVal);
- break;
+ if (var->val.floatVal)
+ snprintf(buf, buf_len, "%f", *var->val.floatVal);
+ break;
case ASN_OPAQUE_DOUBLE:
- if (var->val.doubleVal)
- sprintf(buf,"%f", *var->val.doubleVal);
- break;
+ if (var->val.doubleVal)
+ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
+ break;
#endif
case ASN_NSAP:

View File

@ -3,12 +3,12 @@
# Arches on which we need to prevent arch conflicts on net-snmp-config.h
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64
%define major_ver 5.4.1
%define major_ver 5.4.2
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: %{major_ver}
Release: 22%{?dist}
Release: 1%{?dist}
Epoch: 1
License: BSD and MIT
@ -28,20 +28,14 @@ Patch1: ucd-snmp-4.2.4.pre3-mnttab.patch
Patch2: net-snmp-5.0.8-ipv6-sock-close.patch
Patch3: net-snmp-5.0.8-readonly.patch
Patch4: net-snmp-5.4.1-pie.patch
Patch5: net-snmp-5.4-64bit.patch
Patch6: net-snmp-5.1.2-dir-fix.patch
Patch7: net-snmp-5.2.1-file_offset.patch
Patch8: net-snmp-5.3.1-multilib.patch
Patch9: net-snmp-5.4.1-config_libdir.patch
Patch10: net-snmp-5.4.1-strange_libpath.patch
Patch11: net-snmp-5.4.1-hostname.patch
Patch12: net-snmp-5.4.1-shared-ip.patch
Patch13: net-snmp-5.4-exec-crash.patch
Patch14: net-snmp-5.4.1-sensors3.patch
Patch15: net-snmp-5.4.1-xen-crash.patch
Patch16: net-snmp-5.4.1-hmac-check.patch
Patch17: net-snmp-5.4.1-perl-snprintf.patch
Patch18: net-snmp-5.4.1-perl-set.patch
Patch5: net-snmp-5.1.2-dir-fix.patch
Patch6: net-snmp-5.2.1-file_offset.patch
Patch7: net-snmp-5.3.1-multilib.patch
Patch8: net-snmp-5.4.1-config_libdir.patch
Patch9: net-snmp-5.4.1-strange_libpath.patch
Patch10: net-snmp-5.4.1-shared-ip.patch
Patch11: net-snmp-5.4.1-sensors3.patch
Patch12: net-snmp-5.4.1-xen-crash.patch
Requires(pre): chkconfig
Requires(post): chkconfig
@ -172,20 +166,14 @@ Net-SNMP toolkit library.
%patch4 -p1 -b .pie
%endif
%patch5 -p1 -b .64bit
%patch6 -p1 -b .dir-fix
%patch7 -p1 -b .file_offset
%patch8 -p1 -b .multilib
%patch9 -p1 -b .libdir
%patch10 -p1 -b .libpath
%patch11 -p1 -b .hostname
%patch12 -p1 -b .shared-ip
%patch13 -p1 -b .exec
%patch14 -p1 -b .sensors
%patch15 -p1 -b .xen-crash
%patch16 -p1 -b .hmac-check
%patch17 -p1 -b .perl-snprintf
%patch18 -p1 -b .perl-set
%patch5 -p1 -b .dir-fix
%patch6 -p1 -b .file_offset
%patch7 -p1 -b .multilib
%patch8 -p1 -b .libdir
%patch9 -p1 -b .libpath
%patch10 -p1 -b .shared-ip
%patch11 -p1 -b .sensors
%patch12 -p1 -b .xen-crash
# Do this patch with a perl hack...
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@ -417,6 +405,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_libdir}/lib*.so.*
%changelog
* Wed Sep 17 2008 Jan Safranek <jsafranek@redhat.com> 5.4.2-1
- update to net-snmp-5.4.2
* Wed Sep 10 2008 John A. Khvatov <ivaxer@fedoraproject.org> 5.4.1-22
- add net-snmp-python

View File

@ -1 +1 @@
6c974df7a5a5b1579f72115e6b045bda net-snmp-5.4.1.tar.gz
2c97d0d99e1ec89d64f6713c069079ad net-snmp-5.4.2.tar.gz