| author | Ronald Jordan <ron.jordan@oracle.com> |
| Tue, 11 Oct 2016 11:55:12 -0700 | |
| branch | s11u3-sru |
| changeset 7085 | cad8ee01213d |
| parent 7019 | de736f0de312 |
| permissions | -rw-r--r-- |
|
7019
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
1 |
This patch fixes a security issue where snmp_pdu_parse() function |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
2 |
could leave incompletely parsed varBind variables in the list of |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
3 |
variables. A remote, unauthenticated attacker could exploit this |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
4 |
flaw to cause a crash or, potentially, execute arbitrary code. |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
5 |
The vulnerability is fixed in the upsream and below is the link |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
6 |
to the upstream bug. |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
7 |
https://sourceforge.net/p/net-snmp/bugs/2615/ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
8 |
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
9 |
--- net-snmp-5.4.1/snmplib/snmp_api.c 2016-09-20 04:29:08.940393100 -0700 |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
10 |
+++ copy_net-snmp-5.4.1/snmplib/snmp_api.c 2016-09-20 04:50:11.450793400 -0700 |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
11 |
@@ -4273,7 +4273,7 @@ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
12 |
int badtype = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
13 |
size_t len; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
14 |
size_t four; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
15 |
- netsnmp_variable_list *vp = NULL; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
16 |
+ netsnmp_variable_list *vp = NULL, *vplast = NULL; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
17 |
oid objid[MAX_OID_LEN]; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
18 |
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
19 |
/* |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
20 |
@@ -4408,38 +4408,24 @@ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
21 |
(ASN_SEQUENCE | ASN_CONSTRUCTOR), |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
22 |
"varbinds"); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
23 |
if (data == NULL) |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
24 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
25 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
26 |
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
27 |
/* |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
28 |
* get each varBind sequence |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
29 |
*/ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
30 |
while ((int) *length > 0) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
31 |
- netsnmp_variable_list *vptemp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
32 |
- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp)); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
33 |
- if (0 == vptemp) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
34 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
35 |
- } |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
36 |
- if (0 == vp) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
37 |
- pdu->variables = vptemp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
38 |
- } else {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
39 |
- vp->next_variable = vptemp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
40 |
- } |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
41 |
- vp = vptemp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
42 |
- |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
43 |
- vp->next_variable = NULL; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
44 |
- vp->val.string = NULL; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
45 |
+ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
46 |
+ if (NULL == vp) |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
47 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
48 |
vp->name_length = MAX_OID_LEN; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
49 |
- vp->name = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
50 |
- vp->index = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
51 |
- vp->data = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
52 |
- vp->dataFreeHook = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
53 |
+ vp->type = 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
54 |
DEBUGDUMPSECTION("recv", "VarBind");
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
55 |
data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type, |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
56 |
&vp->val_len, &var_val, length); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
57 |
if (data == NULL) |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
58 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
59 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
60 |
if (snmp_set_var_objid(vp, objid, vp->name_length)) |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
61 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
62 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
63 |
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
64 |
len = MAX_PACKET_LENGTH; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
65 |
DEBUGDUMPHEADER("recv", "Value");
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
66 |
@@ -4504,7 +4490,7 @@ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
67 |
vp->val.string = (u_char *) malloc(vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
68 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
69 |
if (vp->val.string == NULL) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
70 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
71 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
72 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
73 |
asn_parse_string(var_val, &len, &vp->type, vp->val.string, |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
74 |
&vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
75 |
@@ -4515,7 +4501,7 @@ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
76 |
vp->val_len *= sizeof(oid); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
77 |
vp->val.objid = (oid *) malloc(vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
78 |
if (vp->val.objid == NULL) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
79 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
80 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
81 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
82 |
memmove(vp->val.objid, objid, vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
83 |
break; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
84 |
@@ -4527,19 +4513,32 @@ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
85 |
case ASN_BIT_STR: |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
86 |
vp->val.bitstring = (u_char *) malloc(vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
87 |
if (vp->val.bitstring == NULL) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
88 |
- return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
89 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
90 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
91 |
asn_parse_bitstring(var_val, &len, &vp->type, |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
92 |
vp->val.bitstring, &vp->val_len); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
93 |
break; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
94 |
default: |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
95 |
snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
96 |
- badtype = -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
97 |
+ goto fail; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
98 |
break; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
99 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
100 |
DEBUGINDENTADD(-4); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
101 |
+ if (NULL == vplast) {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
102 |
+ pdu->variables = vp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
103 |
+ } else {
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
104 |
+ vplast->next_variable = vp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
105 |
+ } |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
106 |
+ vplast = vp; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
107 |
+ vp = NULL; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
108 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
109 |
- return badtype; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
110 |
+ return 0; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
111 |
+ fail: |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
112 |
+ DEBUGMSGTL(("recv", "error while parsing VarBindList\n"));
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
113 |
+ /** if we were parsing a var, remove it from the pdu and free it */ |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
114 |
+ if (vp) |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
115 |
+ snmp_free_var(vp); |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
116 |
+ return -1; |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
117 |
} |
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
118 |
|
|
de736f0de312
21544351 CVE-2015-5621snmp_pdu_parse() incompletely parsed varBinds left in variable list
Vishwas Shekarappa Gudiyavar <vishwas.shekarappa.gudiyavar@oracle.com>
parents:
diff
changeset
|
119 |
/* |