import UBI net-snmp-5.8-33.el8_10

eabdullin 2026-01-19 06:58:50 +00:00
parent 97b549f910
commit 7d730d5ced
3 changed files with 171 additions and 1 deletions


@ -0,0 +1,108 @@
diff -up net-snmp-5.8/include/net-snmp/library/scapi.h.rhcase04340580 net-snmp-5.8/include/net-snmp/library/scapi.h
--- net-snmp-5.8/include/net-snmp/library/scapi.h.rhcase04340580 2026-01-07 09:24:59.756322331 +0100
+++ net-snmp-5.8/include/net-snmp/library/scapi.h 2026-01-07 09:25:38.665568566 +0100
@@ -87,9 +87,9 @@ typedef struct netsnmp_priv_alg_info_s {
NETSNMP_IMPORT
oid * sc_get_auth_oid(int auth_type, size_t *oid_len);
NETSNMP_IMPORT
- netsnmp_auth_alg_info * sc_get_auth_alg_byoid(const oid *oid, u_int len);
+ netsnmp_auth_alg_info * sc_find_auth_alg_byoid(const oid *oid, u_int len);
NETSNMP_IMPORT
- netsnmp_auth_alg_info * sc_get_auth_alg_bytype(u_int type);
+ netsnmp_auth_alg_info * sc_find_auth_alg_bytype(u_int type);
NETSNMP_IMPORT
netsnmp_auth_alg_info * sc_get_auth_alg_byindex(u_int index);
diff -up net-snmp-5.8/perl/SNMP/SNMP.xs.rhcase04340580 net-snmp-5.8/perl/SNMP/SNMP.xs
--- net-snmp-5.8/perl/SNMP/SNMP.xs.rhcase04340580 2026-01-05 11:30:22.717000136 +0100
+++ net-snmp-5.8/perl/SNMP/SNMP.xs 2026-01-05 11:44:27.466329639 +0100
@@ -2633,6 +2633,7 @@ snmp_new_v3_session(version, peer, retri
SnmpSession session = {0};
SnmpSession *ss = NULL;
int verbose = SvIV(perl_get_sv("SNMP::verbose", 0x01 | 0x04));
+ int auth_type, priv_type;
snmp_sess_init(&session);
@@ -2664,25 +2665,25 @@ snmp_new_v3_session(version, peer, retri
(char **) &session.contextEngineID);
session.engineBoots = eng_boots;
session.engineTime = eng_time;
-#ifndef NETSNMP_DISABLE_MD5
- if (!strcmp(auth_proto, "MD5")) {
- session.securityAuthProto =
- snmp_duplicate_objid(usmHMACMD5AuthProtocol,
- OID_LENGTH(usmHMACMD5AuthProtocol));
- session.securityAuthProtoLen = OID_LENGTH(usmHMACMD5AuthProtocol);
- } else
-#endif
- if (!strcmp(auth_proto, "SHA")) {
- session.securityAuthProto =
- snmp_duplicate_objid(usmHMACSHA1AuthProtocol,
- OID_LENGTH(usmHMACSHA1AuthProtocol));
- session.securityAuthProtoLen = OID_LENGTH(usmHMACSHA1AuthProtocol);
- } else if (!strcmp(auth_proto, "DEFAULT")) {
+ /* NETSNMP_USMAUTH_* */
+ auth_type = usm_lookup_auth_type(auth_proto);
+ if (auth_type >= 0) {
+ const netsnmp_auth_alg_info *auth_alg_info =
+ sc_find_auth_alg_bytype(auth_type);
+ if (auth_alg_info) {
+ session.securityAuthProto =
+ snmp_duplicate_objid(auth_alg_info->alg_oid,
+ auth_alg_info->oid_len);
+ session.securityAuthProtoLen = auth_alg_info->oid_len;
+ }
+ }
+ if (strcmp(auth_proto, "DEFAULT") == 0) {
const oid *theoid =
get_default_authtype(&session.securityAuthProtoLen);
session.securityAuthProto =
snmp_duplicate_objid(theoid, session.securityAuthProtoLen);
- } else {
+ }
+ if (session.securityAuthProto == NULL) {
if (verbose)
warn("error:snmp_new_v3_session:Unsupported authentication protocol(%s)\n", auth_proto);
goto end;
@@ -2714,25 +2715,24 @@ snmp_new_v3_session(version, peer, retri
}
}
}
-#ifndef NETSNMP_DISABLE_DES
- if (!strcmp(priv_proto, "DES")) {
- session.securityPrivProto =
- snmp_duplicate_objid(usmDESPrivProtocol,
- OID_LENGTH(usmDESPrivProtocol));
- session.securityPrivProtoLen = OID_LENGTH(usmDESPrivProtocol);
- } else
-#endif
- if (!strncmp(priv_proto, "AES", 3)) {
- session.securityPrivProto =
- snmp_duplicate_objid(usmAESPrivProtocol,
- OID_LENGTH(usmAESPrivProtocol));
- session.securityPrivProtoLen = OID_LENGTH(usmAESPrivProtocol);
- } else if (!strcmp(priv_proto, "DEFAULT")) {
+ priv_type = usm_lookup_priv_type(priv_proto);
+ if (priv_type >= 0) {
+ const netsnmp_priv_alg_info *priv_alg_info =
+ sc_get_priv_alg_bytype(priv_type);
+ if (priv_alg_info) {
+ session.securityPrivProto =
+ snmp_duplicate_objid(priv_alg_info->alg_oid,
+ priv_alg_info->oid_len);
+ session.securityPrivProtoLen = priv_alg_info->oid_len;
+ }
+ }
+ if (strcmp(priv_proto, "DEFAULT") == 0) {
const oid *theoid =
get_default_privtype(&session.securityPrivProtoLen);
session.securityPrivProto =
snmp_duplicate_objid(theoid, session.securityPrivProtoLen);
- } else {
+ }
+ if (session.securityPrivProto == NULL) {
if (verbose)
warn("error:snmp_new_v3_session:Unsupported privacy protocol(%s)\n", priv_proto);
goto end;
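Review bot: On the new side of `snmp_new_v3_session`, the `if (strcmp(auth_proto, "DEFAULT") == 0)` test is no longer chained to the lookup branch, so if `usm_lookup_auth_type()` ever resolves "DEFAULT" to a type, the OID duplicated just above is overwritten and leaked; the privacy hunk has the same shape with `priv_proto`. Chaining it as `} else if (strcmp(auth_proto, "DEFAULT") == 0) {` keeps the two paths mutually exclusive. The final `session.securityAuthProto == NULL` check also reports an allocation failure in `snmp_duplicate_objid()` as "Unsupported authentication protocol" and leaves `securityAuthProtoLen` non-zero; what the `end:` path does with the session is outside the hunk. The `#ifndef NETSNMP_DISABLE_MD5` and `NETSNMP_DISABLE_DES` guards are removed here, so a comment such as `/* weak algorithms are filtered by usm_lookup_*_type(), not here */` would record where that policy now lives, assuming the lookup functions honour those build options.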


@ -0,0 +1,54 @@
From b4e6f826d9ddcc2d72eac432746807e1234266db Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 2 Nov 2025 14:48:55 -0800
Subject: [PATCH] snmptrapd: Fix out-of-bounds trapOid[] accesses
Fixes: https://issues.oss-fuzz.com/issues/457106694
Fixes: https://issues.oss-fuzz.com/issues/458668421
Fixes: https://issues.oss-fuzz.com/issues/458876071
---
apps/snmptrapd_handlers.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c
index 6cd126f266..afd93ed0fb 100644
--- a/apps/snmptrapd_handlers.c
+++ b/apps/snmptrapd_handlers.c
@@ -1112,6 +1112,12 @@ snmp_input(int op, netsnmp_session *session,
*/
if (pdu->trap_type == SNMP_TRAP_ENTERPRISESPECIFIC) {
trapOidLen = pdu->enterprise_length;
+ /*
+ * Drop packets that would trigger an out-of-bounds trapOid[]
+ * access.
+ */
+ if (trapOidLen < 1 || trapOidLen > OID_LENGTH(trapOid) - 2)
+ return 1;
memcpy(trapOid, pdu->enterprise, sizeof(oid) * trapOidLen);
if (trapOid[trapOidLen - 1] != 0) {
trapOid[trapOidLen++] = 0;
From 35d216b57ea2e9abf1cc42077bcf60a4bae0b29e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 1 Nov 2025 13:47:37 -0700
Subject: [PATCH] snmptrapd: Do not write outside the bounds of trapOid[]
---
apps/snmptrapd_handlers.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/apps/snmptrapd_handlers.c b/apps/snmptrapd_handlers.c
index 0b8038f5d1..6cd126f266 100644
--- a/apps/snmptrapd_handlers.c
+++ b/apps/snmptrapd_handlers.c
@@ -1155,8 +1155,8 @@ snmp_input(int op, netsnmp_session *session,
return 1; /* ??? */
}
}
- memcpy(trapOid, vars->val.objid, vars->val_len);
- trapOidLen = vars->val_len /sizeof(oid);
+ trapOidLen = SNMP_MIN(sizeof(trapOid), vars->val_len) / sizeof(oid);
+ memcpy(trapOid, vars->val.objid, trapOidLen * sizeof(oid));
break;
default:
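Review bot: In the second patch, an over-long `vars->val.objid` is clamped with `SNMP_MIN(sizeof(trapOid), vars->val_len)` and processing continues with a truncated OID, whereas the enterprise-specific branch in the first patch drops the packet with `return 1`. A truncated `trapOid` is not the OID the sender supplied, so later matching on it can act on a prefix; rejecting is the safer and more consistent choice, e.g. `if (vars->val_len > sizeof(trapOid)) return 1;` before the `memcpy`. Both drop paths are silent, so a log line, rate-limited because the input is untrusted, would let operators notice malformed traps. `snmp_input` starts and ends outside both hunks, so how `trapOid` is consumed afterwards and whether `vars->type` is checked earlier is not visible here.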


@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 32%{?dist}
Release: 33%{?dist}
Epoch: 1
License: BSD
@ -83,6 +83,8 @@ Patch54: net-snmp-5.8-truncating-log-once.patch
Patch55: net-snmp-5.8-CVE-2022-24805-24810.patch
Patch56: net-snmp-5.8-callback-fix.patch
Patch57: net-snmp-5.8-engine-evaluation.patch
Patch58: net-snmp-5.9.4-oob-access.patch
Patch59: net-snmp-5.8-perl-modern-auth-enablement.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -265,6 +267,8 @@ rm -r python
%patch55 -p1 -b .CVE-2022-24805-24810
%patch56 -p1 -b .callback-fix
%patch57 -p1 -b .engine-evaluation
%patch58 -p1 -b .oob-access
%patch59 -p1 -b .perl-auth-enablement
%patch101 -p1 -b .modern-rpm-api
@ -519,6 +523,10 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Wed Jan 14 2026 Josef Ridky <jridky@redhat.com> - 1:5.8-33
- fix out of bound access (RHEL-137501)
- perl modern auth enablement (RHEL-137310)
* Wed Oct 29 2025 Josef Ridky <jridky@redhat.com> - 1:5.8-32
- fix engine order of evaluation (RHEL-116089)