Fixed snmpstatus crashing when receiving invalid response

Resolves: #1233738

net-snmp-5.7.3-snmpstatus-null.patch

@@ -0,0 +1,69 @@
+commit bec6243394ed78897c14e3fa46f934e0ea3d453e
+Author: Jan Safranek <jsafranek@users.sourceforge.net>
+Date:   Fri Jun 26 13:30:07 2015 +0200
+
+    snmpstatus: CHANGES: Fixed crash when receiving non-standard compliant responses.
+    
+    Some HW sends ifOperStatus as NULL instead of INTEGER type. We should not try to dereference this NULL.
+
+diff --git a/apps/snmpstatus.c b/apps/snmpstatus.c
+index ae08369..6f31c42 100644
+--- a/apps/snmpstatus.c
++++ b/apps/snmpstatus.c
+@@ -310,30 +310,38 @@ main(int argc, char *argv[])
+                         continue;
+                     }
+                     if (vars->name_length >= length_ifOperStatus
+-                        && !memcmp(objid_ifOperStatus, vars->name,
+-                                   sizeof(objid_ifOperStatus))) {
++                            && !memcmp(objid_ifOperStatus, vars->name,
++                                    sizeof(objid_ifOperStatus))
++                            && vars->type == ASN_INTEGER
++                            && vars->val.integer) {
+                         if (*vars->val.integer != MIB_IFSTATUS_UP)
+                             down_interfaces++;
+                         snmp_add_null_var(pdu, vars->name,
+                                           vars->name_length);
+                         good_var++;
+-                    } else if (vars->name_length >= length_ifInUCastPkts &&
+-                               !memcmp(objid_ifInUCastPkts, vars->name,
+-                                       sizeof(objid_ifInUCastPkts))) {
++                    } else if (vars->name_length >= length_ifInUCastPkts
++                            &&!memcmp(objid_ifInUCastPkts, vars->name,
++                                    sizeof(objid_ifInUCastPkts))
++                            && vars->type == ASN_COUNTER
++                            && vars->val.integer) {
+                         ipackets += *vars->val.integer;
+                         snmp_add_null_var(pdu, vars->name,
+                                           vars->name_length);
+                         good_var++;
+                     } else if (vars->name_length >= length_ifInNUCastPkts
+                                && !memcmp(objid_ifInNUCastPkts, vars->name,
+-                                          sizeof(objid_ifInNUCastPkts))) {
++                                          sizeof(objid_ifInNUCastPkts))
++                               && vars->type == ASN_COUNTER
++                               && vars->val.integer) {
+                         ipackets += *vars->val.integer;
+                         snmp_add_null_var(pdu, vars->name,
+                                           vars->name_length);
+                         good_var++;
+                     } else if (vars->name_length >= length_ifOutUCastPkts
+                                && !memcmp(objid_ifOutUCastPkts, vars->name,
+-                                          sizeof(objid_ifOutUCastPkts))) {
++                                          sizeof(objid_ifOutUCastPkts))
++                               && vars->type == ASN_COUNTER
++                               && vars->val.integer) {
+                         opackets += *vars->val.integer;
+                         snmp_add_null_var(pdu, vars->name,
+                                           vars->name_length);
+@@ -341,7 +349,9 @@ main(int argc, char *argv[])
+                     } else if (vars->name_length >= length_ifOutNUCastPkts
+                                && !memcmp(objid_ifOutNUCastPkts,
+                                           vars->name,
+-                                          sizeof(objid_ifOutNUCastPkts))) {
++                                          sizeof(objid_ifOutNUCastPkts))
++                               && vars->type == ASN_COUNTER
++                               && vars->val.integer) {
+                         opackets += *vars->val.integer;
+                         snmp_add_null_var(pdu, vars->name,
+                                           vars->name_length);

net-snmp.spec

@@ -11,7 +11,7 @@
 Summary: A collection of SNMP protocol tools and libraries
 Name: net-snmp
 Version: 5.7.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 
 License: BSD
@@ -41,6 +41,7 @@ Patch8: net-snmp-5.7.2-autoreconf.patch
 Patch9: net-snmp-5.7-agentx-crash.patch
 Patch10: net-snmp-5.5-agentx-disconnect-crash.patch
 Patch11: net-snmp-5.7.2-cert-path.patch
+Patch12: net-snmp-5.7.3-snmpstatus-null.patch
 
 Requires(post): chkconfig
 Requires(preun): chkconfig
@@ -208,6 +209,7 @@ cp %{SOURCE12} .
 %patch9 -p1 -b .agentx-crash
 %patch10 -p1 -b .agentx-disconnect-crash
 %patch11 -p1 -b .cert-path
+%patch12 -p1 -b .snmpstatus-null
 
 %ifarch sparc64 s390 s390x
 # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -515,6 +517,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Fri Jun 26 2015 Jan Safranek <jsafrane@redhat.com> - 1:5.7.3-5
+- Fixed snmpstatus crashing when receiving invalid response (#1233738)
+
 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:5.7.3-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild