rpms
/
net-snmp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import net-snmp-5.8-27.el8

This commit is contained in:
CentOS Sources 2023-03-28 08:56:04 +00:00 committed by Stepan Oksanichenko
parent 30067736d1
commit d34583ae9c
6 changed files with 347 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
SOURCES/net-snmp-5.8-CVE-2022-44792-44793.patch Normal file
View File

@ -0,0 +1,129 @@
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:24 -0800
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind
---
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 867d0c166f..3f678fe2df 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:46 -0800
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing
---
apps/snmpset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/apps/snmpset.c b/apps/snmpset.c
index 48e14bd513..d542713e1b 100644
--- a/apps/snmpset.c
+++ b/apps/snmpset.c
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 10:23:32 -0800
Subject: [PATCH 3/3] Add test for NULL varbind set
---
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
new file mode 100644
index 0000000000..0f1b8f386b
--- /dev/null
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED

35
SOURCES/net-snmp-5.8-dev-mem-leak.patch Normal file
View File

@ -0,0 +1,35 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

38
SOURCES/net-snmp-5.8-ipv6-disable-leak.patch Normal file
View File

@ -0,0 +1,38 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

92
SOURCES/net-snmp-5.8-memleak-backport.patch Normal file
View File

@ -0,0 +1,92 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

33
SOURCES/net-snmp-5.8-proxy-time-out.patch Normal file
View File

@ -0,0 +1,33 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

21
SPECS/net-snmp.spec
View File

@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.8
Release: 25%{?dist}
Release: 27%{?dist}
Epoch: 1
License: BSD
@ -71,6 +71,11 @@ Patch42: net-snmp-5.8-engine-id.patch
Patch43: net-snmp-5.8-certs.patch
Patch44: net-snmp-5.8-util-fix.patch
Patch45: net-snmp-5.8-deleted-iface.patch
Patch46: net-snmp-5.8-memleak-backport.patch
Patch47: net-snmp-5.8-dev-mem-leak.patch
Patch48: net-snmp-5.8-CVE-2022-44792-44793.patch
Patch49: net-snmp-5.8-ipv6-disable-leak.patch
Patch50: net-snmp-5.8-proxy-time-out.patch
# Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -241,6 +246,11 @@ rm -r python
%patch43 -p1 -b .certs
%patch44 -p1 -b .utils
%patch45 -p1 -b .ifaces
%patch46 -p1 -b .memleak-backport
%patch47 -p1 -b .dev-mem-leak
%patch48 -p1
%patch49 -p1 -b .ipv6-disable-leak
%patch50 -p1 -b .proxy-time-out
%patch101 -p1 -b .modern-rpm-api
@ -495,6 +505,15 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog
* Tue Jan 31 2023 Josef Ridky <jridky@redhat.com> - 1:5.8-27
- fix memory leak due of proc file creating (#2105957)
- fix CVE-2022-44792 and CVE-2022-44793 (#2141901) and (#2141905)
- fix memory leak when ipv6 disable set to 1 (#2151537)
- fix proxy timeout issue (#2160723)
* Mon Oct 17 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-26
- backport two memory leaks from upstream (#2134635)
* Mon Feb 21 2022 Josef Ridky <jridky@redhat.com> - 1:5.8-25
- fix segfault with error on subcontainer (#2051370)