[Pkg-net-snmp-commits] [pkg-net-snmp] 04/05: fix CVE-2012-6151, Bug#731625
Hideki Yamane
henrich at moszumanska.debian.org
Mon Sep 15 15:19:29 UTC 2014
This is an automated email from the git hooks/post-receive script.
henrich pushed a commit to branch squeeze
in repository pkg-net-snmp.
commit c6c56c8a2032fec2cf6a792738fa9a3633ab58dc
Author: Hideki Yamane <henrich at debian.org>
Date: Mon Mar 3 20:30:53 2014 +0900
fix CVE-2012-6151, Bug#731625
---
debian/changelog | 1 +
debian/patches/agentx-crash.patch | 62 +++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 64 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index d1731b6..45126a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ net-snmp (5.4.3~dfsg-2+squeeze2) oldstable-proposed-updates; urgency=high
- add 67_CVE-2014-2310.patch, fix agentx subagent issues with
multiple-object requests and increasing object length (CVE-2014-2310)
also applied to squeeze (Closes: #684388)
+ - add agentx-crash.patch to fix CVE-2012-6151 (Closes: #731625)
-- Hideki Yamane <henrich at debian.org> Sun, 04 May 2014 12:49:22 +0900
diff --git a/debian/patches/agentx-crash.patch b/debian/patches/agentx-crash.patch
new file mode 100644
index 0000000..00988cc
--- /dev/null
+++ b/debian/patches/agentx-crash.patch
@@ -0,0 +1,62 @@
+Description: fix snmpd crash via AgentX connection
+
+ taken from Fedora, net-snmp-5.7-agentx-crash.patch
+
+bz729738 - net-snmp dumps core in netsnmp_oid_find_prefix
+bz1038011 - net-snmp: snmpd crashes/hangs when AgentX subagent times-out
+
+commit f9304c83f76202db0e684269ca1af32e43cd9db4
+Author: Jan Safranek <jsafranek at users.sourceforge.net>
+Date: Tue Feb 7 14:53:44 2012 +0100
+
+ CHANGES: PATCH 1633670: fixed snmpd crashing when an AgentX subagent disconnect in the middle of processing of a request.
+
+ I fixed also the memory leak reported in the tracker comments.
+
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: <YYYY-MM-DD>
+
+--- net-snmp-5.7.2~dfsg.orig/agent/mibgroup/agentx/master.c
++++ net-snmp-5.7.2~dfsg/agent/mibgroup/agentx/master.c
+@@ -219,6 +219,9 @@ agentx_got_response(int operation,
+ if (!cache) {
+ DEBUGMSGTL(("agentx/master", "response too late on session %8p\n",
+ session));
++ /* response is too late, free the cache */
++ if (magic)
++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
+ return 0;
+ }
+ requests = cache->requests;
+@@ -606,6 +609,8 @@ agentx_master_handler(netsnmp_mib_handle
+ result = snmp_async_send(ax_session, pdu, agentx_got_response, cb_data);
+ if (result == 0) {
+ snmp_free_pdu(pdu);
++ if (cb_data)
++ netsnmp_free_delegated_cache((netsnmp_delegated_cache*) cb_data);
+ }
+
+ return SNMP_ERR_NOERROR;
+--- net-snmp-5.7.2~dfsg.orig/agent/mibgroup/agentx/master_admin.c
++++ net-snmp-5.7.2~dfsg/agent/mibgroup/agentx/master_admin.c
+@@ -133,11 +133,16 @@ close_agentx_session(netsnmp_session * s
+ * requests, so that the delegated request will be completed and
+ * further requests can be processed
+ */
+- netsnmp_remove_delegated_requests_for_session(session);
++ while (netsnmp_remove_delegated_requests_for_session(session)) {
++ DEBUGMSGTL(("agentx/master", "Continue removing delegated reqests\n"));
++ }
++
+ if (session->subsession != NULL) {
+ netsnmp_session *subsession = session->subsession;
+ for(; subsession; subsession = subsession->next) {
+- netsnmp_remove_delegated_requests_for_session(subsession);
++ while (netsnmp_remove_delegated_requests_for_session(subsession)) {
++ DEBUGMSGTL(("agentx/master", "Continue removing delegated subsession reqests\n"));
++ }
+ }
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index c29520a..cea77ce 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@
CVE-2012-2141.patch
TrapReceiver.patch
67_CVE-2014-2310.patch
+agentx-crash.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-net-snmp/pkg-net-snmp.git
More information about the Pkg-net-snmp-commits
mailing list