From 42e763ddb82083939241f22438cc1afeb503187f Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Thu, 14 Feb 2013 12:36:44 -0500 Subject: [PATCH 1/5] add missing IETF MIB license text (BSD) --- IETF-MIB-LICENSE.txt | 41 +++++++++++++++++++++++++++++++++++++++++ net-snmp.spec | 9 ++++++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 IETF-MIB-LICENSE.txt diff --git a/IETF-MIB-LICENSE.txt b/IETF-MIB-LICENSE.txt new file mode 100644 index 0000000..5fd2a6a --- /dev/null +++ b/IETF-MIB-LICENSE.txt @@ -0,0 +1,41 @@ +MIBs included in this software taken from IETF Documents are considered +Code Components in accordance with the IETF Trust License Policy, as found +here: + +http://trustee.ietf.org/license-info/ + +They are available under the terms of the Simplified BSD license, a copy of +which is included below. + +***** + +Copyright (c) 2013 IETF Trust and the persons identified as authors of +the code. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +· Redistributions of source code must retain the above copyright notice, +this list of conditions and the following disclaimer. + +· Redistributions in binary form must reproduce the above copyright +notice, this list of conditions and the following disclaimer in the +documentation and/or other materials provided with the distribution. + +· Neither the name of Internet Society, IETF or IETF Trust, nor the +names of specific contributors, may be used to endorse or promote +products derived from this software without specific prior written +permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS +IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/net-snmp.spec b/net-snmp.spec index 5e0e43c..4795000 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -11,7 +11,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 5%{?dist} +Release: 5%{?dist}.1 Epoch: 1 License: BSD @@ -29,6 +29,7 @@ Source8: net-snmptrapd.sysconfig Source9: net-snmp-tmpfs.conf Source10: snmpd.service Source11: snmptrapd.service +Source12: IETF-MIB-LICENSE.txt Patch1: net-snmp-5.7.2-pie.patch Patch2: net-snmp-5.5-dir-fix.patch Patch3: net-snmp-5.6-multilib.patch @@ -183,6 +184,7 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons. %prep %setup -q +cp %{SOURCE12} . %ifnarch ia64 %patch1 -p1 -b .pie @@ -411,6 +413,7 @@ rm -rf ${RPM_BUILD_ROOT} %doc README README.agent-mibs README.agentx README.krb5 README.snmpv3 %doc local/passtest local/ipf-mod.pl %doc README.thread AGENT.txt PORTING local/README.mib2c +%doc IETF-MIB-LICENSE.txt %dir %{_sysconfdir}/snmp %config(noreplace) %{_sysconfdir}/snmp/snmpd.conf %config(noreplace) %{_sysconfdir}/snmp/snmptrapd.conf @@ -474,6 +477,7 @@ rm -rf ${RPM_BUILD_ROOT} %files libs %doc COPYING README ChangeLog.trimmed FAQ NEWS TODO +%doc IETF-MIB-LICENSE.txt %{_libdir}/libnetsnmp.so.* %dir %{_datadir}/snmp %dir %{_datadir}/snmp/mibs @@ -491,6 +495,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Thu Feb 14 2013 Tom Callaway 1:5.7.2-5.1 +- add missing IETF MIB license text (BSD) + * Thu Jan 17 2013 Jan Safranek - 1:5.7.2-5 - Python: fixed IPADDRESS size on 64-bit systems (#895357) From 2e6497a54c573a99bb0edceff1a2bce8f9ebb72b Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Tue, 21 May 2013 09:27:07 +0200 Subject: [PATCH 2/5] added btrfs support to hrFSTable Resolves: #965348,#1027427 Removed direct dependency on mysql-libs Resolves: #962739 --- net-snmp-5.7.2-btrfs.patch | 32 ++++++++++++++++++++++++++++++++ net-snmp.spec | 8 ++++++-- 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 net-snmp-5.7.2-btrfs.patch diff --git a/net-snmp-5.7.2-btrfs.patch b/net-snmp-5.7.2-btrfs.patch new file mode 100644 index 0000000..db0afbd --- /dev/null +++ b/net-snmp-5.7.2-btrfs.patch @@ -0,0 +1,32 @@ +Bug 965348 - HOST-RESOURCES-MIB::hrFS* not includes btrfs + +commit da1fef382591ff45dc92eb3b95a6bfeff9ecfa4f +Author: Jan Safranek +Date: Tue May 21 09:13:41 2013 +0200 + + CHANGES: snmpd: Added btrfs support to hrFSTable + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c 2013-05-21 09:22:11.457405066 +0200 +@@ -139,6 +139,7 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_REISERFS) || + !strcmp(typename, MNTTYPE_OCFS2) || + !strcmp(typename, MNTTYPE_CVFS) || ++ !strcmp(typename, MNTTYPE_BTRFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h 2013-05-21 09:22:33.758303373 +0200 +@@ -142,6 +142,9 @@ + #ifndef MNTTYPE_CVFS + #define MNTTYPE_CVFS "cvfs" + #endif ++#ifndef MNTTYPE_BTRFS ++#define MNTTYPE_BTRFS "btrfs" ++#endif + + /* + * File systems to skip diff --git a/net-snmp.spec b/net-snmp.spec index e41b774..b0e3201 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -11,7 +11,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 11%{?dist} +Release: 12%{?dist} Epoch: 1 License: BSD @@ -39,6 +39,7 @@ Patch6: net-snmp-5.7.2-systemd.patch Patch7: net-snmp-5.7.2-python-ipaddress-size.patch Patch8: net-snmp-5.7.2-create-user-multilib.patch Patch9: net-snmp-5.7.2-autoreconf.patch +Patch10: net-snmp-5.7.2-btrfs.patch Requires(post): chkconfig Requires(preun): chkconfig @@ -48,7 +49,6 @@ Requires(preun): initscripts Requires(preun): coreutils Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs = %{epoch}:%{version}-%{release} -Requires: mysql-libs # This is actually needed for the %%triggerun script but Requires(triggerun) # is not valid. We can use %%post because this particular %triggerun script # should fire just after this package is installed. @@ -203,6 +203,7 @@ cp %{SOURCE12} . %patch7 -p1 -b .ipaddress-size %patch8 -p1 -b .multilib %patch9 -p1 -b .autoreconf +%patch10 -p1 -b .btrfs %ifarch sparc64 s390 s390x # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 @@ -504,6 +505,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Tue May 21 2013 Jan Safranek - 1:5.7.2-12 +- added btrfs support to hrFSTable (#965348) + * Mon May 6 2013 Jan Safranek - 1:5.7.2-11 - added aarch64 to multilib architectures. From 3781561b22a4f60f79d89d49ba99b31404b1a254 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Tue, 21 May 2013 09:27:07 +0200 Subject: [PATCH 3/5] added btrfs support to hrFSTable Resolves: #965348 Removed direct dependency on mysql-libs Resolves: #962739 Conflicts: net-snmp.spec --- net-snmp-5.7.2-btrfs.patch | 32 ++++++++++++++++++++++++++++++++ net-snmp.spec | 11 ++++++++--- 2 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 net-snmp-5.7.2-btrfs.patch diff --git a/net-snmp-5.7.2-btrfs.patch b/net-snmp-5.7.2-btrfs.patch new file mode 100644 index 0000000..db0afbd --- /dev/null +++ b/net-snmp-5.7.2-btrfs.patch @@ -0,0 +1,32 @@ +Bug 965348 - HOST-RESOURCES-MIB::hrFS* not includes btrfs + +commit da1fef382591ff45dc92eb3b95a6bfeff9ecfa4f +Author: Jan Safranek +Date: Tue May 21 09:13:41 2013 +0200 + + CHANGES: snmpd: Added btrfs support to hrFSTable + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c.btrfs 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/fsys_mntent.c 2013-05-21 09:22:11.457405066 +0200 +@@ -139,6 +139,7 @@ _fsys_type( char *typename ) + !strcmp(typename, MNTTYPE_REISERFS) || + !strcmp(typename, MNTTYPE_OCFS2) || + !strcmp(typename, MNTTYPE_CVFS) || ++ !strcmp(typename, MNTTYPE_BTRFS) || + !strcmp(typename, MNTTYPE_LOFS)) + return NETSNMP_FS_TYPE_OTHER; + +diff -up net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h +--- net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h.btrfs 2012-10-10 00:28:58.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/hardware/fsys/mnttypes.h 2013-05-21 09:22:33.758303373 +0200 +@@ -142,6 +142,9 @@ + #ifndef MNTTYPE_CVFS + #define MNTTYPE_CVFS "cvfs" + #endif ++#ifndef MNTTYPE_BTRFS ++#define MNTTYPE_BTRFS "btrfs" ++#endif + + /* + * File systems to skip diff --git a/net-snmp.spec b/net-snmp.spec index 4795000..3990ae1 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -11,7 +11,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 5%{?dist}.1 +Release: 6%{?dist} Epoch: 1 License: BSD @@ -38,6 +38,7 @@ Patch5: net-snmp-5.5-perl-linking.patch Patch6: net-snmp-5.6-test-debug.patch Patch7: net-snmp-5.7.2-systemd.patch Patch8: net-snmp-5.7.2-python-ipaddress-size.patch +Patch9: net-snmp-5.7.2-btrfs.patch Requires(post): chkconfig Requires(preun): chkconfig @@ -48,8 +49,8 @@ Requires(preun): coreutils Requires: %{name}-libs = %{epoch}:%{version}-%{release} Requires: %{name}-agent-libs = %{epoch}:%{version}-%{release} Requires: mysql-libs -# This is actually needed for the %triggerun script but Requires(triggerun) -# is not valid. We can use %post because this particular %triggerun script +# This is actually needed for the %%triggerun script but Requires(triggerun) +# is not valid. We can use %%post because this particular %triggerun script # should fire just after this package is installed. Requires(post): systemd-sysv @@ -201,6 +202,7 @@ cp %{SOURCE12} . %patch6 -p1 %patch7 -p1 -b .systemd %patch8 -p1 -b .ipaddress-size +%patch9 -p1 -b .btrfs %ifarch sparc64 s390 s390x # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 @@ -495,6 +497,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Fri Nov 8 2013 Jan Safranek 1:5.7.2-6 +- Added btrfs support to hrFSTable + * Thu Feb 14 2013 Tom Callaway 1:5.7.2-5.1 - add missing IETF MIB license text (BSD) From 9103f7f6018b8040a92e9de3cb617acf8a5e001d Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Thu, 5 Dec 2013 13:21:03 +0100 Subject: [PATCH 4/5] Fixed snmpd crashing when AgentX subagent disconnects in the middle of request processing Resolves: #1038011 CVE-2012-6151 --- net-snmp-5.5-agentx-disconnect-crash.patch | 270 +++++++++++++++++++++ net-snmp-5.7-agentx-crash.patch | 57 +++++ net-snmp.spec | 8 + 3 files changed, 335 insertions(+) create mode 100644 net-snmp-5.5-agentx-disconnect-crash.patch create mode 100644 net-snmp-5.7-agentx-crash.patch diff --git a/net-snmp-5.5-agentx-disconnect-crash.patch b/net-snmp-5.5-agentx-disconnect-crash.patch new file mode 100644 index 0000000..b3b47be --- /dev/null +++ b/net-snmp-5.5-agentx-disconnect-crash.patch @@ -0,0 +1,270 @@ +955511 - net-snmpd crash on time out +969061 - net-snmpd crash on time out +1038011 - net-snmp: snmpd crashes/hangs when AgentX subagent times-out + +Based on usptream commit 793d596838ff7cb48a73b675d62897c56c9e62df, +heavily backported to net-snmp-5.5 + +diff -up net-snmp-5.7.2/agent/mibgroup/agentx/master_admin.c.disconnect-crash net-snmp-5.7.2/agent/mibgroup/agentx/master_admin.c +--- net-snmp-5.7.2/agent/mibgroup/agentx/master_admin.c.disconnect-crash 2013-07-03 15:26:35.884813210 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/agentx/master_admin.c 2013-07-03 15:26:35.908813135 +0200 +@@ -158,6 +158,7 @@ close_agentx_session(netsnmp_session * s + for (sp = session->subsession; sp != NULL; sp = sp->next) { + + if (sp->sessid == sessid) { ++ netsnmp_remove_delegated_requests_for_session(sp); + unregister_mibs_by_session(sp); + unregister_index_by_session(sp); + unregister_sysORTable_by_session(sp); +diff -up net-snmp-5.7.2/agent/mibgroup/agentx/master.c.disconnect-crash net-snmp-5.7.2/agent/mibgroup/agentx/master.c +--- net-snmp-5.7.2/agent/mibgroup/agentx/master.c.disconnect-crash 2013-07-03 15:26:35.000000000 +0200 ++++ net-snmp-5.7.2/agent/mibgroup/agentx/master.c 2013-07-03 15:29:00.644362208 +0200 +@@ -222,7 +222,7 @@ agentx_got_response(int operation, + /* response is too late, free the cache */ + if (magic) + netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic); +- return 0; ++ return 1; + } + requests = cache->requests; + +diff -up net-snmp-5.7.2/agent/snmp_agent.c.disconnect-crash net-snmp-5.7.2/agent/snmp_agent.c +--- net-snmp-5.7.2/agent/snmp_agent.c.disconnect-crash 2013-07-03 15:26:35.893813182 +0200 ++++ net-snmp-5.7.2/agent/snmp_agent.c 2013-07-03 15:28:28.979460861 +0200 +@@ -1446,6 +1446,7 @@ free_agent_snmp_session(netsnmp_agent_se + netsnmp_free_cachemap(asp->cache_store); + asp->cache_store = NULL; + } ++ agent_snmp_session_release_cancelled(asp); + SNMP_FREE(asp); + } + +@@ -1457,6 +1458,11 @@ netsnmp_check_for_delegated(netsnmp_agen + + if (NULL == asp->treecache) + return 0; ++ ++ if (agent_snmp_session_is_cancelled(asp)) { ++ printf("request %p cancelled\n", asp); ++ return 0; ++ } + + for (i = 0; i <= asp->treecache_num; i++) { + for (request = asp->treecache[i].requests_begin; request; +@@ -1535,39 +1541,48 @@ int + netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess) + { + netsnmp_agent_session *asp; +- int count = 0; ++ int total_count = 0; + + for (asp = agent_delegated_list; asp; asp = asp->next) { + /* + * check each request + */ ++ int i; ++ int count = 0; + netsnmp_request_info *request; +- for(request = asp->requests; request; request = request->next) { +- /* +- * check session +- */ +- netsnmp_assert(NULL!=request->subtree); +- if(request->subtree->session != sess) +- continue; ++ for (i = 0; i <= asp->treecache_num; i++) { ++ for (request = asp->treecache[i].requests_begin; request; ++ request = request->next) { ++ /* ++ * check session ++ */ ++ netsnmp_assert(NULL!=request->subtree); ++ if(request->subtree->session != sess) ++ continue; + +- /* +- * matched! mark request as done +- */ +- netsnmp_request_set_error(request, SNMP_ERR_GENERR); +- ++count; ++ /* ++ * matched! mark request as done ++ */ ++ netsnmp_request_set_error(request, SNMP_ERR_GENERR); ++ ++count; ++ } ++ } ++ if (count) { ++ agent_snmp_session_mark_cancelled(asp); ++ total_count += count; + } + } + + /* + * if we found any, that request may be finished now + */ +- if(count) { ++ if(total_count) { + DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session " +- "%8p\n", count, sess)); +- netsnmp_check_outstanding_agent_requests(); ++ "%8p\n", total_count, sess)); ++ netsnmp_check_delegated_requests(); + } + +- return count; ++ return total_count; + } + + int +@@ -2739,19 +2754,11 @@ handle_var_requests(netsnmp_agent_sessio + return final_status; + } + +-/* +- * loop through our sessions known delegated sessions and check to see +- * if they've completed yet. If there are no more delegated sessions, +- * check for and process any queued requests +- */ + void +-netsnmp_check_outstanding_agent_requests(void) ++netsnmp_check_delegated_requests(void) + { + netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL; + +- /* +- * deal with delegated requests +- */ + for (asp = agent_delegated_list; asp; asp = next_asp) { + next_asp = asp->next; /* save in case we clean up asp */ + if (!netsnmp_check_for_delegated(asp)) { +@@ -2790,6 +2797,22 @@ netsnmp_check_outstanding_agent_requests + prev_asp = asp; + } + } ++} ++ ++/* ++ * loop through our sessions known delegated sessions and check to see ++ * if they've completed yet. If there are no more delegated sessions, ++ * check for and process any queued requests ++ */ ++void ++netsnmp_check_outstanding_agent_requests(void) ++{ ++ netsnmp_agent_session *asp; ++ ++ /* ++ * deal with delegated requests ++ */ ++ netsnmp_check_delegated_requests(); + + /* + * if we are processing a set and there are more delegated +@@ -2819,7 +2842,8 @@ netsnmp_check_outstanding_agent_requests + + netsnmp_processing_set = netsnmp_agent_queued_list; + DEBUGMSGTL(("snmp_agent", "SET request remains queued while " +- "delegated requests finish, asp = %8p\n", asp)); ++ "delegated requests finish, asp = %8p\n", ++ agent_delegated_list)); + break; + } + #endif /* NETSNMP_NO_WRITE_SUPPORT */ +@@ -2880,6 +2904,11 @@ check_delayed_request(netsnmp_agent_sess + case SNMP_MSG_GETBULK: + case SNMP_MSG_GETNEXT: + netsnmp_check_all_requests_status(asp, 0); ++ if (agent_snmp_session_is_cancelled(asp)) { ++ printf("request %p is cancelled\n", asp); ++ DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp)); ++ break; ++ } + handle_getnext_loop(asp); + if (netsnmp_check_for_delegated(asp) && + netsnmp_check_transaction_id(asp->pdu->transid) != +@@ -3838,4 +3867,73 @@ netsnmp_set_all_requests_error(netsnmp_a + return error_value; + } + #endif /* NETSNMP_FEATURE_REMOVE_SET_ALL_REQUESTS_ERROR */ ++ ++/* ++ * Ugly hack to fix bug #950602 and preserve ABI ++ * (the official patch adds netsnmp_agent_session->flags). ++ * We must create parallel database of netsnmp_agent_sessions ++ * and put cancelled requests there instead of marking ++ * netsnmp_agent_session->flags. ++ */ ++static netsnmp_agent_session **cancelled_agent_snmp_sessions; ++static int cancelled_agent_snmp_sessions_count; ++static int cancelled_agent_snmp_sessions_max; ++ ++int ++agent_snmp_session_mark_cancelled(netsnmp_agent_session *session) ++{ ++ DEBUGMSGTL(("agent:cancelled", "Cancelling session %p\n", session)); ++ if (!session) ++ return 0; ++ if (cancelled_agent_snmp_sessions_count + 1 > cancelled_agent_snmp_sessions_max) { ++ netsnmp_agent_session **aux; ++ int max = cancelled_agent_snmp_sessions_max + 10; ++ aux = realloc(cancelled_agent_snmp_sessions, sizeof(netsnmp_agent_session*) * max); ++ if (!aux) ++ return SNMP_ERR_GENERR; ++ cancelled_agent_snmp_sessions = aux; ++ cancelled_agent_snmp_sessions_max = max; ++ } ++ cancelled_agent_snmp_sessions[cancelled_agent_snmp_sessions_count] = session; ++ cancelled_agent_snmp_sessions_count++; ++ return 0; ++} ++ ++int ++agent_snmp_session_is_cancelled(netsnmp_agent_session *session) ++{ ++ int i; ++ for (i=0; i +Date: Tue Feb 7 14:53:44 2012 +0100 + + CHANGES: PATCH 1633670: fixed snmpd crashing when an AgentX subagent disconnect in the middle of processing of a request. + + I fixed also the memory leak reported in the tracker comments. + +diff --git a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c +index c42a42a..baeebaf 100644 +--- a/agent/mibgroup/agentx/master.c ++++ b/agent/mibgroup/agentx/master.c +@@ -219,6 +219,9 @@ agentx_got_response(int operation, + if (!cache) { + DEBUGMSGTL(("agentx/master", "response too late on session %8p\n", + session)); ++ /* response is too late, free the cache */ ++ if (magic) ++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic); + return 0; + } + requests = cache->requests; +@@ -606,6 +609,8 @@ agentx_master_handler(netsnmp_mib_handler *handler, + result = snmp_async_send(ax_session, pdu, agentx_got_response, cb_data); + if (result == 0) { + snmp_free_pdu(pdu); ++ if (cb_data) ++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) cb_data); + } + + return SNMP_ERR_NOERROR; +diff --git a/agent/mibgroup/agentx/master_admin.c b/agent/mibgroup/agentx/master_admin.c +index f16f392..b84b85e 100644 +--- a/agent/mibgroup/agentx/master_admin.c ++++ b/agent/mibgroup/agentx/master_admin.c +@@ -133,11 +133,16 @@ close_agentx_session(netsnmp_session * session, int sessid) + * requests, so that the delegated request will be completed and + * further requests can be processed + */ +- netsnmp_remove_delegated_requests_for_session(session); ++ while (netsnmp_remove_delegated_requests_for_session(session)) { ++ DEBUGMSGTL(("agentx/master", "Continue removing delegated reqests\n")); ++ } ++ + if (session->subsession != NULL) { + netsnmp_session *subsession = session->subsession; + for(; subsession; subsession = subsession->next) { +- netsnmp_remove_delegated_requests_for_session(subsession); ++ while (netsnmp_remove_delegated_requests_for_session(subsession)) { ++ DEBUGMSGTL(("agentx/master", "Continue removing delegated subsession reqests\n")); ++ } + } + } + diff --git a/net-snmp.spec b/net-snmp.spec index 3990ae1..057956e 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -39,6 +39,8 @@ Patch6: net-snmp-5.6-test-debug.patch Patch7: net-snmp-5.7.2-systemd.patch Patch8: net-snmp-5.7.2-python-ipaddress-size.patch Patch9: net-snmp-5.7.2-btrfs.patch +Patch10: net-snmp-5.7-agentx-crash.patch +Patch11: net-snmp-5.5-agentx-disconnect-crash.patch Requires(post): chkconfig Requires(preun): chkconfig @@ -203,6 +205,8 @@ cp %{SOURCE12} . %patch7 -p1 -b .systemd %patch8 -p1 -b .ipaddress-size %patch9 -p1 -b .btrfs +%patch10 -p1 -b .agentx-crash +%patch11 -p1 -b .agentx-disconnect-crash %ifarch sparc64 s390 s390x # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 @@ -497,6 +501,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Thu Dec 5 2013 Jan Safranek 1:5.7.2-7 +- Fixed snmpd crashing when AgentX subagent disconnects in the middle of + request processing (#1038011) + * Fri Nov 8 2013 Jan Safranek 1:5.7.2-6 - Added btrfs support to hrFSTable From 9b8b0d01901e961640b3c9aa1dff810da4d8a960 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Thu, 5 Dec 2013 13:21:48 +0100 Subject: [PATCH 5/5] version++ --- net-snmp.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-snmp.spec b/net-snmp.spec index 057956e..a2d1d04 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -11,7 +11,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 1 License: BSD