Fix multiple issues found in net-snmp.
- exit snmpd after snmpd -h command - fix issues found by coverity scan - fix issue with flood messages - fix double free or corruption error when freeing security context
This commit is contained in:
parent
b0ffa68e22
commit
b2ce63191d
@ -1,14 +1,14 @@
|
|||||||
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
|
||||||
--- old/agent/mibgroup/host/data_access/swrun.c 2018-03-26 09:00:39.932335587 +0200
|
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
|
||||||
+++ new/agent/mibgroup/host/data_access/swrun.c 2018-03-26 09:03:00.845876681 +0200
|
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
|
||||||
@@ -102,7 +102,9 @@ swrun_count_processes_by_name( char *nam
|
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
|
||||||
return 0; /* or -1 */
|
return 0; /* or -1 */
|
||||||
|
|
||||||
it = CONTAINER_ITERATOR( swrun_container );
|
it = CONTAINER_ITERATOR( swrun_container );
|
||||||
- while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
|
||||||
+ for (entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it );
|
+ if (0 == strcmp( entry->hrSWRunName, name ))
|
||||||
+ entry;
|
+ i++;
|
||||||
+ entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) {
|
+ }
|
||||||
|
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
|
||||||
if (0 == strcmp( entry->hrSWRunName, name ))
|
if (0 == strcmp( entry->hrSWRunName, name ))
|
||||||
i++;
|
i++;
|
||||||
}
|
|
||||||
|
68
net-snmp-5.8-coverity.patch
Normal file
68
net-snmp-5.8-coverity.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
|
||||||
|
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
|
||||||
|
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
|
||||||
|
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
|
||||||
|
* Similarly, if no fallEvent is configured,
|
||||||
|
* there's no point in trying to fire it either.
|
||||||
|
*/
|
||||||
|
- if (entry->mteTThRiseEvent[0] != '\0' ) {
|
||||||
|
+ if (entry->mteTThFallEvent[0] != '\0' ) {
|
||||||
|
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||||
|
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||||
|
entry->mteTriggerFired = vp1;
|
||||||
|
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
|
||||||
|
* Similarly, if no fallEvent is configured,
|
||||||
|
* there's no point in trying to fire it either.
|
||||||
|
*/
|
||||||
|
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
|
||||||
|
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
|
||||||
|
entry->mteTriggerXOwner = entry->mteTThObjOwner;
|
||||||
|
entry->mteTriggerXObjects = entry->mteTThObjects;
|
||||||
|
entry->mteTriggerFired = vp1;
|
||||||
|
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
|
||||||
|
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
|
||||||
|
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
|
||||||
|
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
|
||||||
|
bsize = getpagesize()-1;
|
||||||
|
buff = (char*)malloc(bsize+1);
|
||||||
|
if (buff == NULL) {
|
||||||
|
+ close(statfd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||||
|
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
|
||||||
|
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
|
||||||
|
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
|
||||||
|
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
|
||||||
|
if (status < 0) {
|
||||||
|
snmp_log(LOG_ERR, "could not send netlink request\n");
|
||||||
|
+ close(sd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
status = recv (sd, buf, sizeof(buf), 0);
|
||||||
|
if (status < 0) {
|
||||||
|
snmp_log (LOG_ERR, "could not recieve netlink request\n");
|
||||||
|
+ close(sd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (status == 0) {
|
||||||
|
snmp_log (LOG_ERR, "nothing to read\n");
|
||||||
|
+ close(sd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
|
||||||
|
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
|
||||||
|
|
||||||
|
if (req_len < 0 || len > status) {
|
||||||
|
snmp_log (LOG_ERR, "invalid netlink message\n");
|
||||||
|
+ close(sd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!NLMSG_OK (nlmp, status)) {
|
||||||
|
snmp_log (LOG_ERR, "invalid NLMSG message\n");
|
||||||
|
+ close(sd);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);
|
26
net-snmp-5.8-flood-messages.patch
Normal file
26
net-snmp-5.8-flood-messages.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bart Van Assche <bvanassche@acm.org>
|
||||||
|
Date: Wed, 21 Nov 2018 20:47:42 -0800
|
||||||
|
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
|
||||||
|
|
||||||
|
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
|
||||||
|
fails. Only log this once instead of thousand of times a day.
|
||||||
|
|
||||||
|
Reported-by: Fif <lefif@users.sourceforge.net>
|
||||||
|
---
|
||||||
|
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||||
|
index 5ddead3e0..280575ce3 100644
|
||||||
|
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||||
|
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
|
||||||
|
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
|
||||||
|
|
||||||
|
#define PROCFILE "/proc/net/if_inet6"
|
||||||
|
if (!(in = fopen(PROCFILE, "r"))) {
|
||||||
|
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
|
||||||
|
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
|
|
146
net-snmp-5.8-sec-counter.patch
Normal file
146
net-snmp-5.8-sec-counter.patch
Normal file
@ -0,0 +1,146 @@
|
|||||||
|
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
|
||||||
|
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
|
||||||
|
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
|
||||||
|
@@ -43,6 +43,7 @@ extern "C" {
|
||||||
|
* Structures.
|
||||||
|
*/
|
||||||
|
struct usmStateReference {
|
||||||
|
+ int refcnt;
|
||||||
|
char *usr_name;
|
||||||
|
size_t usr_name_length;
|
||||||
|
u_char *usr_engine_id;
|
||||||
|
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
|
||||||
|
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
|
||||||
|
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
|
||||||
|
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (pdu->securityStateRef &&
|
||||||
|
- pdu->command == SNMP_MSG_TRAP2) {
|
||||||
|
-
|
||||||
|
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
|
||||||
|
- (struct usmStateReference **) &newpdu->securityStateRef );
|
||||||
|
-
|
||||||
|
- if (ret)
|
||||||
|
- {
|
||||||
|
+ sptr = find_sec_mod(newpdu->securityModel);
|
||||||
|
+ if (sptr && sptr->pdu_clone) {
|
||||||
|
+ /* call security model if it needs to know about this */
|
||||||
|
+ ret = sptr->pdu_clone(pdu, newpdu);
|
||||||
|
+ if (ret) {
|
||||||
|
snmp_free_pdu(newpdu);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
|
||||||
|
- sptr->pdu_clone != NULL) {
|
||||||
|
- /*
|
||||||
|
- * call security model if it needs to know about this
|
||||||
|
- */
|
||||||
|
- (*sptr->pdu_clone) (pdu, newpdu);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return newpdu;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
|
||||||
|
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
|
||||||
|
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
|
||||||
|
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
|
||||||
|
struct usmStateReference *
|
||||||
|
usm_malloc_usmStateReference(void)
|
||||||
|
{
|
||||||
|
- struct usmStateReference *retval = (struct usmStateReference *)
|
||||||
|
- calloc(1, sizeof(struct usmStateReference));
|
||||||
|
+ struct usmStateReference *retval;
|
||||||
|
+
|
||||||
|
+ retval = calloc(1, sizeof(struct usmStateReference));
|
||||||
|
+ if (retval)
|
||||||
|
+ retval->refcnt = 1;
|
||||||
|
|
||||||
|
return retval;
|
||||||
|
} /* end usm_malloc_usmStateReference() */
|
||||||
|
|
||||||
|
+static int
|
||||||
|
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
|
||||||
|
+{
|
||||||
|
+ struct usmStateReference *ref = pdu->securityStateRef;
|
||||||
|
+ struct usmStateReference **new_ref =
|
||||||
|
+ (struct usmStateReference **)&new_pdu->securityStateRef;
|
||||||
|
+ int ret = 0;
|
||||||
|
+
|
||||||
|
+ if (!ref)
|
||||||
|
+ return ret;
|
||||||
|
+
|
||||||
|
+ if (pdu->command == SNMP_MSG_TRAP2) {
|
||||||
|
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
|
||||||
|
+ ret = usm_clone_usmStateReference(ref, new_ref);
|
||||||
|
+ } else {
|
||||||
|
+ netsnmp_assert(ref == *new_ref);
|
||||||
|
+ ref->refcnt++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
|
||||||
|
void
|
||||||
|
usm_free_usmStateReference(void *old)
|
||||||
|
{
|
||||||
|
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
|
||||||
|
+ struct usmStateReference *ref = old;
|
||||||
|
|
||||||
|
- if (old_ref) {
|
||||||
|
+ if (!ref)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
- if (old_ref->usr_name_length)
|
||||||
|
- SNMP_FREE(old_ref->usr_name);
|
||||||
|
- if (old_ref->usr_engine_id_length)
|
||||||
|
- SNMP_FREE(old_ref->usr_engine_id);
|
||||||
|
- if (old_ref->usr_auth_protocol_length)
|
||||||
|
- SNMP_FREE(old_ref->usr_auth_protocol);
|
||||||
|
- if (old_ref->usr_priv_protocol_length)
|
||||||
|
- SNMP_FREE(old_ref->usr_priv_protocol);
|
||||||
|
-
|
||||||
|
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
|
||||||
|
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
|
||||||
|
- SNMP_FREE(old_ref->usr_auth_key);
|
||||||
|
- }
|
||||||
|
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
|
||||||
|
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
|
||||||
|
- SNMP_FREE(old_ref->usr_priv_key);
|
||||||
|
- }
|
||||||
|
+ if (--ref->refcnt > 0)
|
||||||
|
+ return;
|
||||||
|
|
||||||
|
- SNMP_ZERO(old_ref, sizeof(*old_ref));
|
||||||
|
- SNMP_FREE(old_ref);
|
||||||
|
+ SNMP_FREE(ref->usr_name);
|
||||||
|
+ SNMP_FREE(ref->usr_engine_id);
|
||||||
|
+ SNMP_FREE(ref->usr_auth_protocol);
|
||||||
|
+ SNMP_FREE(ref->usr_priv_protocol);
|
||||||
|
|
||||||
|
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
|
||||||
|
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
|
||||||
|
+ SNMP_FREE(ref->usr_auth_key);
|
||||||
|
+ }
|
||||||
|
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
|
||||||
|
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
|
||||||
|
+ SNMP_FREE(ref->usr_priv_key);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ SNMP_FREE(ref);
|
||||||
|
} /* end usm_free_usmStateReference() */
|
||||||
|
|
||||||
|
struct usmUser *
|
||||||
|
@@ -3316,6 +3337,7 @@ init_usm(void)
|
||||||
|
def->encode_reverse = usm_secmod_rgenerate_out_msg;
|
||||||
|
def->encode_forward = usm_secmod_generate_out_msg;
|
||||||
|
def->decode = usm_secmod_process_in_msg;
|
||||||
|
+ def->pdu_clone = usm_clone;
|
||||||
|
def->pdu_free_state_ref = usm_free_usmStateReference;
|
||||||
|
def->session_setup = usm_session_init;
|
||||||
|
def->handle_report = usm_handle_report;
|
11
net-snmp-5.8-usage-exit.patch
Normal file
11
net-snmp-5.8-usage-exit.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
|
||||||
|
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
|
||||||
|
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
|
||||||
|
@@ -325,6 +325,7 @@ usage(char *prog)
|
||||||
|
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
|
||||||
|
"\n"
|
||||||
|
);
|
||||||
|
+ exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
@ -10,7 +10,7 @@
|
|||||||
Summary: A collection of SNMP protocol tools and libraries
|
Summary: A collection of SNMP protocol tools and libraries
|
||||||
Name: net-snmp
|
Name: net-snmp
|
||||||
Version: 5.8
|
Version: 5.8
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
@ -46,6 +46,10 @@ Patch16: net-snmp-5.8-licensing.patch
|
|||||||
Patch17: net-snmp-5.8-agent-of-death.patch
|
Patch17: net-snmp-5.8-agent-of-death.patch
|
||||||
Patch18: net-snmp-5.8-trapsink.patch
|
Patch18: net-snmp-5.8-trapsink.patch
|
||||||
Patch19: net-snmp-5.8-v3-forward.patch
|
Patch19: net-snmp-5.8-v3-forward.patch
|
||||||
|
Patch20: net-snmp-5.8-usage-exit.patch
|
||||||
|
Patch21: net-snmp-5.8-coverity.patch
|
||||||
|
Patch22: net-snmp-5.8-flood-messages.patch
|
||||||
|
Patch23: net-snmp-5.8-sec-counter.patch
|
||||||
|
|
||||||
# Modern RPM API means at least EL6
|
# Modern RPM API means at least EL6
|
||||||
Patch101: net-snmp-5.8-modern-rpm-api.patch
|
Patch101: net-snmp-5.8-modern-rpm-api.patch
|
||||||
@ -230,6 +234,12 @@ cp %{SOURCE10} .
|
|||||||
%patch17 -p1 -b .agent-of-death
|
%patch17 -p1 -b .agent-of-death
|
||||||
%patch18 -p1 -b .trapsink
|
%patch18 -p1 -b .trapsink
|
||||||
%patch19 -p1 -b .v3-forward
|
%patch19 -p1 -b .v3-forward
|
||||||
|
%patch20 -p1 -b .usage-fix
|
||||||
|
%patch21 -p1 -b .coverity
|
||||||
|
%patch22 -p1 -b .flood-messages
|
||||||
|
%patch23 -p1 -b .sec-counter
|
||||||
|
|
||||||
|
|
||||||
%patch101 -p1 -b .modern-rpm-api
|
%patch101 -p1 -b .modern-rpm-api
|
||||||
%patch102 -p1
|
%patch102 -p1
|
||||||
|
|
||||||
@ -497,6 +507,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
|
|||||||
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
|
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 09 2020 Josef Ridky <jridky@redhat.com> -1:5.8-19
|
||||||
|
- exit snmpd after snmpd -h command
|
||||||
|
- fix issues found by coverity scan
|
||||||
|
- fix issue with flood messages
|
||||||
|
- fix double free or corruption error when freeing security context
|
||||||
|
|
||||||
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
|
* Tue Mar 24 2020 Petr Pisar <ppisar@redhat.com> - 1:5.8-18
|
||||||
- Build-require Perl dependencies for running the tests
|
- Build-require Perl dependencies for running the tests
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user