import CS net-snmp-5.8-30.el8

This commit is contained in:
eabdullin 2024-05-22 10:45:17 +00:00
parent e3bf1b1cee
commit b8ced33253
5 changed files with 418 additions and 1 deletions

View File

@ -0,0 +1,163 @@
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Tue, 24 Aug 2021 07:55:00 -0700
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
When a SET request includes a mix of delegated and
non-delegated requests (e.g., objects handled by master
agent and agentx sub-agent), the status can get lost while
waiting for the reply from the sub-agent. Recover the status
into the session from the requests even if it has already
been processed.
---
agent/snmp_agent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 84fbb42b47..095ee70985 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
if (requests->status != SNMP_ERR_NOERROR &&
(!look_for_specific || requests->status == look_for_specific)
&& (look_for_specific || asp->index == 0
- || requests->index < asp->index)) {
+ || requests->index <= asp->index)) {
asp->index = requests->index;
asp->status = requests->status;
}
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Wed, 30 Jun 2021 14:00:28 -0700
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
Fixes by: Arista Networks
---
agent/mibgroup/agent/nsLogging.c | 6 ++++++
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
agent/mibgroup/mibII/vacm_vars.c | 3 +++
agent/mibgroup/snmpv3/usmUser.c | 2 --
4 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
index 9abdeb5bb7..7f4290490a 100644
--- a/agent/mibgroup/agent/nsLogging.c
+++ b/agent/mibgroup/agent/nsLogging.c
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
}
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
continue;
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
switch (table_info->colnum) {
case NSLOGGING_TYPE:
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
index cc61fce7e6..6c43210074 100644
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
entry = (struct vacm_accessEntry *)
netsnmp_extract_iterator_context(request);
table_info = netsnmp_extract_table_info(request);
+ if (!table_info || !table_info->indexes)
+ continue;
ret = SNMP_ERR_NOERROR;
switch (table_info->colnum) {
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
* Extract the authType token from the list of indexes
*/
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
idx = idx->next_variable; model = *idx->val.integer;
idx = idx->next_variable; level = *idx->val.integer;
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
- entry->storageType = ST_NONVOLATILE;
- netsnmp_insert_iterator_context(request, (void*)entry);
+ if (entry) {
+ entry->storageType = ST_NONVOLATILE;
+ netsnmp_insert_iterator_context(request, (void*)entry);
+ }
}
}
}
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
/* Extract the authType token from the list of indexes */
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
+ if (idx->val_len >= sizeof(atype))
+ continue;
memset(atype, 0, sizeof(atype));
memcpy(atype, (char *)idx->val.string, idx->val_len);
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
index 469a1eba59..62c9a3d051 100644
--- a/agent/mibgroup/mibII/vacm_vars.c
+++ b/agent/mibgroup/mibII/vacm_vars.c
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
return 1;
}
groupNameL = oidIndex[0];
+ if ((groupNameL + 1) > (int) oidLen) {
+ return 1;
+ }
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
return 1;
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
index 0f52aaba49..0edea53cfb 100644
--- a/agent/mibgroup/snmpv3/usmUser.c
+++ b/agent/mibgroup/snmpv3/usmUser.c
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
if (usmStatusCheck(uptr)) {
uptr->userStatus = RS_ACTIVE;
} else {
- SNMP_FREE(engineID);
- SNMP_FREE(newName);
return SNMP_ERR_INCONSISTENTVALUE;
}
} else if (long_ret == RS_CREATEANDWAIT) {

View File

@ -0,0 +1,143 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde4..4ae235c2d0 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a5..158b28e67b 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded2140227..54a56a2fdb 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22a..aca3a4d00d 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb50..d360bad025 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

View File

@ -0,0 +1,46 @@
From b67afb81eb0f7ad89496cd3e672654bfd8c55d0e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 21 Mar 2020 20:03:13 -0700
Subject: [PATCH] snmpd: UCD-SNMP proxy: Fix a crash triggered by a wrong
passphrase
See also https://github.com/net-snmp/net-snmp/issues/82 .
---
agent/mibgroup/ucd-snmp/proxy.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index f4eb03ef6f..548ae7588f 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -698,8 +698,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
"proxy OID return length too long.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
SNMP_ERR_GENERR);
- if (pdu)
- snmp_free_pdu(pdu);
netsnmp_free_delegated_cache(cache);
return 1;
}
@@ -723,8 +721,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
* ack, this is bad. The # of varbinds don't match and
* there is no way to fix the problem
*/
- if (pdu)
- snmp_free_pdu(pdu);
snmp_log(LOG_ERR,
"response to proxy request illegal. We're screwed.\n");
netsnmp_set_request_error(cache->reqinfo, requests,
@@ -735,11 +731,6 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
if (cache->reqinfo->mode == MODE_GETBULK)
netsnmp_bulk_to_next_fix_requests(requests);
- /*
- * free the response
- */
- if (pdu && 0)
- snmp_free_pdu(pdu);
break;
default:

View File

@ -0,0 +1,48 @@
From 7330e3e3e08d9baff23332e764f9a53561939fff Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 2 Sep 2021 21:06:54 -0700
Subject: [PATCH] libsnmp: Log "Truncating integer value >32 bits" once
Log this message once instead of every time sysUpTime and/or
hrSystemUptime are accessed after snmpd is running for more than 497 days.
Fixes: https://github.com/net-snmp/net-snmp/issues/144
---
snmplib/snmp_client.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c
index 0f539c63fe..b00670d973 100644
--- a/snmplib/snmp_client.c
+++ b/snmplib/snmp_client.c
@@ -853,7 +853,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const u_long *) value;
*(vars->val.integer) = *val_ulong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -865,7 +866,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const unsigned long long *) value;
*(vars->val.integer) = (long) *val_ullong;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}
@@ -877,7 +879,8 @@ snmp_set_var_value(netsnmp_variable_list * vars,
= (const uintmax_t *) value;
*(vars->val.integer) = (long) *val_uintmax_t;
if (*(vars->val.integer) > 0xffffffff) {
- snmp_log(LOG_ERR,"truncating integer value > 32 bits\n");
+ NETSNMP_LOGONCE((LOG_INFO,
+ "truncating integer value > 32 bits\n"));
*(vars->val.integer) &= 0xffffffff;
}
}

View File

@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 28%{?dist}
Release: 30%{?dist}
Epoch: 1
License: BSD
@ -77,6 +77,10 @@ Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
Patch51: net-snmp-5.8-sendmsg-error-code.patch
Patch52: net-snmp-5.8-memavailable.patch
Patch53: net-snmp-5.8-proxy.patch
Patch54: net-snmp-5.8-truncating-log-once.patch
Patch55: net-snmp-5.8-CVE-2022-24805-24810.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -253,6 +257,10 @@ rm -r python
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch51 -p1 -b .sendmsg-error-code
%patch52 -p1 -b .memavailable
%patch53 -p1 -b .proxy
%patch54 -p1 -b .truncating-log-once
%patch55 -p1 -b .CVE-2022-24805-24810
%patch101 -p1 -b .modern-rpm-api
@ -507,6 +515,15 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Mon Mar 04 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-30
- fix crash when configured as proxy - issue 82 (RHEL-14454)
- log once truncating issue (RHEL-13597)
- fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
CVE-2022-24809 and CVE-2022-24810 (RHEL-26650)
* Tue Jan 23 2024 Josef Ridky <jridky@redhat.com> - 1:5.8-29
- backport MemAvailable report from upstream (RHEL-21780)
* Wed Aug 02 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-28
- fix sendmsg error code for new kernel (#2185787)