18721173 problem in UTILITY/NET-SNMP
authorTomas Klacko <tomas.klacko@oracle.com>
Mon, 23 Jun 2014 13:36:30 -0700
changeset 1965 374a90784fdd
parent 1964 aaaf769f15a7
child 1966 16b1df9b66d4
18721173 problem in UTILITY/NET-SNMP
components/net-snmp/patches/042.16634190.kernel_sunos5.patch
components/net-snmp/patches/043.15805491.hr_filesys.patch
components/net-snmp/patches/043.16634190.kernel_sunos5.patch
components/net-snmp/patches/044.15805491.hr_filesys.patch
components/net-snmp/patches/044.16003771.agent_registry.patch
components/net-snmp/patches/045.16003771.agent_registry.patch
components/net-snmp/patches/046.18721173.patch
--- a/components/net-snmp/patches/042.16634190.kernel_sunos5.patch	Mon Jun 23 13:31:06 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-This patch fixes a Solaris specific issue related to incorrect
-reporting of network interface speed inside a zone. The patch has 
-been submitted to the community but has not been accepted yet.
-
-The details can be found in the following location
-https://sourceforge.net/p/net-snmp/patches/1277/
---- net-snmp-5.4.1.old/agent/mibgroup/kernel_sunos5.c	2014-03-28 14:54:11.259600880 -0400
-+++ net-snmp-5.4.1/agent/mibgroup/kernel_sunos5.c	2014-03-28 14:52:32.837130820 -0400
[email protected]@ -1908,8 +1908,10 @@
-          * this is good 
-          */
- 	havespeed = B_TRUE;
-+    } else if ((getKstatInt("link", name, "ifspeed", &ifp->ifSpeed) == 0) ||
-+               (getKstatInt("link", name, "ifSpeed", &ifp->ifSpeed) == 0)) {
-+        havespeed = B_TRUE;
-     }
--
-     /* make ifOperStatus depend on link status if available */
-     if (ifp->ifAdminStatus == 1) {
-         int i_tmp;
--- a/components/net-snmp/patches/043.15805491.hr_filesys.patch	Mon Jun 23 13:31:06 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-This patch taken from the net-snmp community fixes an issue related to mismatch of the 
-indices in the host resources tables for monitoring disk storage.
- 
-The details for the upstream bug/patch are given below.
-BUG: 1557372: Realign hrFSStorageIndex with hrStorageTable
-http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revision&revision=17138
-
---- net-snmp-5.4.1.old/agent/mibgroup/host/hr_filesys.c	2014-03-25 07:06:17.172039070 -0400
-+++ net-snmp-5.4.1/agent/mibgroup/host/hr_filesys.c	    2014-03-25 07:10:05.467869740 -0400
[email protected]@ -4,6 +4,9 @@
-  */
- 
- #include <net-snmp/net-snmp-config.h>
-+#include <net-snmp/net-snmp-includes.h>
-+#include <net-snmp/agent/net-snmp-agent-includes.h>
-+#include <net-snmp/agent/hardware/memory.h>
- #include "host_res.h"
- #include "hr_filesys.h"
- #include "hr_storage.h"
[email protected]@ -546,7 +549,7 @@
-             long_return = 2;    /* others probably aren't */
-         return (u_char *) & long_return;
-     case HRFSYS_STOREIDX:
--        long_return = fsys_idx + HRS_TYPE_FIXED_MAX;
-+        long_return = fsys_idx + NETSNMP_MEM_TYPE_MAX;
-         return (u_char *) & long_return;
-     case HRFSYS_FULLDUMP:
-         return when_dumped(HRFS_entry->HRFS_name, FULL_DUMP, var_len);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/net-snmp/patches/043.16634190.kernel_sunos5.patch	Mon Jun 23 13:36:30 2014 -0700
@@ -0,0 +1,20 @@
+This patch fixes a Solaris specific issue related to incorrect
+reporting of network interface speed inside a zone. The patch has 
+been submitted to the community but has not been accepted yet.
+
+The details can be found in the following location
+https://sourceforge.net/p/net-snmp/patches/1277/
+--- net-snmp-5.4.1.old/agent/mibgroup/kernel_sunos5.c	2014-03-28 14:54:11.259600880 -0400
++++ net-snmp-5.4.1/agent/mibgroup/kernel_sunos5.c	2014-03-28 14:52:32.837130820 -0400
[email protected]@ -1908,8 +1908,10 @@
+          * this is good 
+          */
+ 	havespeed = B_TRUE;
++    } else if ((getKstatInt("link", name, "ifspeed", &ifp->ifSpeed) == 0) ||
++               (getKstatInt("link", name, "ifSpeed", &ifp->ifSpeed) == 0)) {
++        havespeed = B_TRUE;
+     }
+-
+     /* make ifOperStatus depend on link status if available */
+     if (ifp->ifAdminStatus == 1) {
+         int i_tmp;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/net-snmp/patches/044.15805491.hr_filesys.patch	Mon Jun 23 13:36:30 2014 -0700
@@ -0,0 +1,28 @@
+This patch taken from the net-snmp community fixes an issue related to mismatch of the 
+indices in the host resources tables for monitoring disk storage.
+ 
+The details for the upstream bug/patch are given below.
+BUG: 1557372: Realign hrFSStorageIndex with hrStorageTable
+http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revision&revision=17138
+
+--- net-snmp-5.4.1.old/agent/mibgroup/host/hr_filesys.c	2014-03-25 07:06:17.172039070 -0400
++++ net-snmp-5.4.1/agent/mibgroup/host/hr_filesys.c	    2014-03-25 07:10:05.467869740 -0400
[email protected]@ -4,6 +4,9 @@
+  */
+ 
+ #include <net-snmp/net-snmp-config.h>
++#include <net-snmp/net-snmp-includes.h>
++#include <net-snmp/agent/net-snmp-agent-includes.h>
++#include <net-snmp/agent/hardware/memory.h>
+ #include "host_res.h"
+ #include "hr_filesys.h"
+ #include "hr_storage.h"
[email protected]@ -546,7 +549,7 @@
+             long_return = 2;    /* others probably aren't */
+         return (u_char *) & long_return;
+     case HRFSYS_STOREIDX:
+-        long_return = fsys_idx + HRS_TYPE_FIXED_MAX;
++        long_return = fsys_idx + NETSNMP_MEM_TYPE_MAX;
+         return (u_char *) & long_return;
+     case HRFSYS_FULLDUMP:
+         return when_dumped(HRFS_entry->HRFS_name, FULL_DUMP, var_len);
--- a/components/net-snmp/patches/044.16003771.agent_registry.patch	Mon Jun 23 13:31:06 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-This patch taken from the net-snmp community fixes, an issue related to registration
-error recorded in the /var/log/snmpd.log file when snmp is enabled.
-
-The details can be found in the following location
-http://sourceforge.net/p/net-snmp/patches/973/
---- a/agent/agent_registry.c	2012-12-18 02:02:56.032682052 -0800
-+++ b/agent/agent_registry.c	2012-12-18 02:34:11.953844076 -0800
[email protected]@ -532,7 +532,23 @@
-	
-	    if (next && (next->namelen  == new_sub->namelen) &&
-		(next->priority == new_sub->priority)) {
--                netsnmp_assert(!"registration != duplicate"); /* always false */
-+                if (new_sub->namelen != 1) {    /* ignore root OID dups */
-+                    size_t          out_len = 0;
-+                    size_t          buf_len = 0;
-+                    char           *buf = NULL;
-+                    int             buf_overflow = 0;
-+
-+                    netsnmp_sprint_realloc_objid((u_char **) &buf, &buf_len, &out_len,
-+                                                 1, &buf_overflow,
-+                                                 new_sub->start_a,
-+                                                 new_sub->start_len);
-+                    snmp_log(LOG_ERR,
-+                             "duplicate registration: MIB modules %s and %s (oid %s%s).\n",
-+                             next->label_a, new_sub->label_a,
-+                             buf ? buf : "",
-+                             buf_overflow ? " [TRUNCATED]" : "");
-+                    free(buf);
-+                }
-		return MIB_DUPLICATE_REGISTRATION;
-	    }
- 
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/net-snmp/patches/045.16003771.agent_registry.patch	Mon Jun 23 13:36:30 2014 -0700
@@ -0,0 +1,33 @@
+This patch taken from the net-snmp community fixes, an issue related to registration
+error recorded in the /var/log/snmpd.log file when snmp is enabled.
+
+The details can be found in the following location
+http://sourceforge.net/p/net-snmp/patches/973/
+--- a/agent/agent_registry.c	2012-12-18 02:02:56.032682052 -0800
++++ b/agent/agent_registry.c	2012-12-18 02:34:11.953844076 -0800
[email protected]@ -532,7 +532,23 @@
+	
+	    if (next && (next->namelen  == new_sub->namelen) &&
+		(next->priority == new_sub->priority)) {
+-                netsnmp_assert(!"registration != duplicate"); /* always false */
++                if (new_sub->namelen != 1) {    /* ignore root OID dups */
++                    size_t          out_len = 0;
++                    size_t          buf_len = 0;
++                    char           *buf = NULL;
++                    int             buf_overflow = 0;
++
++                    netsnmp_sprint_realloc_objid((u_char **) &buf, &buf_len, &out_len,
++                                                 1, &buf_overflow,
++                                                 new_sub->start_a,
++                                                 new_sub->start_len);
++                    snmp_log(LOG_ERR,
++                             "duplicate registration: MIB modules %s and %s (oid %s%s).\n",
++                             next->label_a, new_sub->label_a,
++                             buf ? buf : "",
++                             buf_overflow ? " [TRUNCATED]" : "");
++                    free(buf);
++                }
+		return MIB_DUPLICATE_REGISTRATION;
+	    }
+ 
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/net-snmp/patches/046.18721173.patch	Mon Jun 23 13:36:30 2014 -0700
@@ -0,0 +1,20 @@
+CVE-2014-2310
+http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd
+
+--- a/agent/mibgroup/agentx/protocol.c
++++ b/agent/mibgroup/agentx/protocol.c
[email protected]@ -1771,11 +1771,11 @@ agentx_parse(netsnmp_session * session, netsnmp_pdu *pdu, u_char * data,
+                                       (u_char *) end_oid_buf,
+                                       end_oid_buf_len);
+             }
++            oid_buf_len = MAX_OID_LEN;
++            end_oid_buf_len = MAX_OID_LEN;
+         }
+ 
+         DEBUGINDENTLESS();
+-        oid_buf_len = MAX_OID_LEN;
+-        end_oid_buf_len = MAX_OID_LEN;
+         break;
+ 
+ 
+