import net-snmp-5.8-14.el8_2.1

SOURCES/net-snmp-5.8-sec-memory-leak.patch

@@ -0,0 +1,84 @@
+diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
+--- a/agent/snmp_agent.c	2020-06-11 10:20:31.646339191 +0200
++++ b/agent/snmp_agent.c	2020-06-11 10:23:41.178056889 +0200
+@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
+     DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
+                 asp, asp->reqinfo));
+ 
+-    /* Clean up securityStateRef here to prevent a double free */
+-    if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+-	snmp_free_securityStateRef(asp->orig_pdu);
+-    if (asp->pdu && asp->pdu->securityStateRef)
+-	snmp_free_securityStateRef(asp->pdu);
+-
+     if (asp->orig_pdu)
+         snmp_free_pdu(asp->orig_pdu);
+     if (asp->pdu)
+diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
+--- a/include/net-snmp/pdu_api.h	2020-06-11 10:20:31.631339058 +0200
++++ b/include/net-snmp/pdu_api.h	2020-06-11 10:24:17.261390028 +0200
+@@ -19,8 +19,6 @@ NETSNMP_IMPORT
+ netsnmp_pdu    *snmp_fix_pdu(  netsnmp_pdu *pdu, int idx);
+ NETSNMP_IMPORT
+ void            snmp_free_pdu( netsnmp_pdu *pdu);
+-NETSNMP_IMPORT
+-void            snmp_free_securityStateRef( netsnmp_pdu *pdu);
+ 
+ #ifdef __cplusplus
+ }
+diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+--- a/snmplib/snmp_api.c	2020-06-11 10:20:31.695339627 +0200
++++ b/snmplib/snmp_api.c	2020-06-11 10:33:55.510891945 +0200
+@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
+     pdu->securityStateRef = NULL;
+ }
+ 
+-/*
+- * This function is here to provide a separate call to
+- * free the securityStateRef memory. This is needed to prevent
+- * a double free if this memory is freed in snmp_free_pdu.
+- */
+-void
+-snmp_free_securityStateRef(netsnmp_pdu* pdu)
+-{
+-   free_securityStateRef(pdu);
+-}
+-
+ #define ERROR_STAT_LENGTH 11
+ 
+ int
+@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
+     if (!pdu)
+         return;
+ 
++    free_securityStateRef(pdu);
++
+     /*
+      * If the command field is empty, that probably indicates
+      *   that this PDU structure has already been freed.
+@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
+   }
+ 
+   if (ret != SNMP_ERR_NOERROR) {
+-    /*
+-     * Call the security model to free any securityStateRef supplied w/ msg.  
+-     */
+-    if (pdu->securityStateRef != NULL) {
+-      free_securityStateRef(pdu);
+-    }
+     snmp_free_pdu(pdu);
+     return NULL;
+   }
+@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
+     }
+   }
+ 
+-  /*
+-   * Call USM to free any securityStateRef supplied with the message.  
+-   */
+-  if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
+-    free_securityStateRef(pdu);
+-
+   if (!handled) {
+     if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
+       return -2;

SPECS/net-snmp.spec

@@ -10,7 +10,7 @@
 Summary:    A collection of SNMP protocol tools and libraries
 Name:       net-snmp
 Version:    5.8
-Release:    14%{?dist}
+Release:    14%{?dist}.1
 Epoch:      1
 
 License:    BSD
@@ -46,6 +46,7 @@ Patch17:    net-snmp-5.8-trapsink.patch
 Patch18:    net-snmp-5.8-flood-messages.patch
 Patch19:    net-snmp-5.8-v3-forward.patch
 Patch20:    net-snmp-5.8-sec-counter.patch
+Patch21:    net-snmp-5.8-sec-memory-leak.patch
 
 # Modern RPM API means at least EL6
 Patch101:   net-snmp-5.8-modern-rpm-api.patch
@@ -191,6 +192,7 @@ rm -r python
 %patch18 -p1 -b .flood-messages
 %patch19 -p1 -b .v3-forward
 %patch20 -p1 -b .sec-counter
+%patch21 -p1 -b .sec-memory-leak
 
 %patch101 -p1 -b .modern-rpm-api
 
@@ -444,6 +446,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_libdir}/libnetsnmptrapd*.so.%{soname}*
 
 %changelog
+* Mon Jun 15 2020 Josef Ridky <jridky@redhat.com> -1:5.8-14.1
+- add missing part of memory leak patch (#1839736)
+
 * Mon Mar 16 2020 Josef Ridky <jridky@redhat.com> - 1:5.8-14
 - fix double free or corruption error when freeing security context (#1809077)
 - remove deprecated CFLAG