pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/net-snmp patch (in 4 parts) for CVE-2012-6151 from



details:   https://anonhg.NetBSD.org/pkgsrc/rev/cfda9cd764f4
branches:  trunk
changeset: 629736:cfda9cd764f4
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Jan 26 21:33:06 2014 +0000

description:
patch (in 4 parts) for CVE-2012-6151 from
http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch

diffstat:

 net/net-snmp/Makefile                                           |    4 +-
 net/net-snmp/distinfo                                           |    6 +-
 net/net-snmp/patches/patch-agent_mibgroup_agentx_master.c       |   31 ++
 net/net-snmp/patches/patch-agent_mibgroup_agentx_master_admin.c |   15 +
 net/net-snmp/patches/patch-agent_snmp__agent.c                  |  151 ++++++++++
 net/net-snmp/patches/patch-include_net-snmp_agent_snmp__agent.h |   33 ++
 6 files changed, 237 insertions(+), 3 deletions(-)

diffs (292 lines):

diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/Makefile
--- a/net/net-snmp/Makefile     Sun Jan 26 17:00:29 2014 +0000
+++ b/net/net-snmp/Makefile     Sun Jan 26 21:33:06 2014 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.99 2013/11/05 17:40:30 joerg Exp $
+# $NetBSD: Makefile,v 1.100 2014/01/26 21:33:06 spz Exp $
 
 DISTNAME=      net-snmp-5.7.2
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=net-snmp/}
 
diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/distinfo
--- a/net/net-snmp/distinfo     Sun Jan 26 17:00:29 2014 +0000
+++ b/net/net-snmp/distinfo     Sun Jan 26 21:33:06 2014 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.79 2013/11/29 12:59:51 joerg Exp $
+$NetBSD: distinfo,v 1.80 2014/01/26 21:33:06 spz Exp $
 
 SHA1 (net-snmp-5.7.2.tar.gz) = c493027907f32400648244d81117a126aecd27ee
 RMD160 (net-snmp-5.7.2.tar.gz) = 392d643e9f2f42ee4fa688b4702329ad005ee12e
@@ -6,6 +6,8 @@
 SHA1 (patch-ac) = 59987ecb9467b1cead9af3d4432a4dd69be93480
 SHA1 (patch-af) = 4fb96b79f9126dedb8a132d44894ea23c9e8c101
 SHA1 (patch-ag) = d9595eceeb5ee986ab4365f62e3c3ab339e605aa
+SHA1 (patch-agent_mibgroup_agentx_master.c) = c2b3f145280e3fecc26a431ec914cf89d87a17f4
+SHA1 (patch-agent_mibgroup_agentx_master_admin.c) = 3c233c1e3113fbc9c1de34cb4cbacca9ef4a6fe2
 SHA1 (patch-agent_mibgroup_hardware_cpu_cpu__sysctl.c) = 346bb4cb0e905821aa3bbdda4ae0fd8526d35854
 SHA1 (patch-agent_mibgroup_hardware_fsys_fsys_getfsstats.c) = 7fc48c58c8f5bc73caaf3990ef61a94fb856e208
 SHA1 (patch-agent_mibgroup_hardware_memory_memory__netbsd.c) = f04d66f823bf2b49401e6d9a62db4b39ed679907
@@ -14,6 +16,7 @@
 SHA1 (patch-agent_mibgroup_mibII_ipv6.c) = d6a271145e6ba774cbc1e93caa14e3d22dc43075
 SHA1 (patch-agent_mibgroup_mibII_tcpTable.c) = f547f3fd08848803cbf7ce08a41ba463c4d02992
 SHA1 (patch-agent_mibgroup_mibII_udpTable.c) = 2eb5e5c05ecb23f69cbb0d38a31e14d5b5ddc6b7
+SHA1 (patch-agent_snmp__agent.c) = 2dbfea907d0e1881f5d55c5b270984fc3a562da9
 SHA1 (patch-ai) = 04c2a487bad8705c9725ef4a62016051d3898970
 SHA1 (patch-aj) = d110e996d0538d17251d39a5eed46df6944ba0fa
 SHA1 (patch-ak) = 50ac67db8a9ffc16d983b4192e74db25ef439321
@@ -27,5 +30,6 @@
 SHA1 (patch-du) = 89a77e82d881207500fb45c422b66710e44c0eb4
 SHA1 (patch-el) = b85dbef28e14fe29c9fb944508a08e7423a37152
 SHA1 (patch-es) = 7336d905bac315f344f93664e4118332f88fb6ee
+SHA1 (patch-include_net-snmp_agent_snmp__agent.h) = 2139d849b0ffe004a72f3276a98c0d2cb72dca18
 SHA1 (patch-include_net-snmp_system_netbsd.h) = 7880fded678147b2cc75e035234b89727e213d00
 SHA1 (patch-perl_agent_Makefile.PL) = 722380debeda1552b74b60ff91cea3cbbc716e74
diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/patches/patch-agent_mibgroup_agentx_master.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-agent_mibgroup_agentx_master.c Sun Jan 26 21:33:06 2014 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-agent_mibgroup_agentx_master.c,v 1.1 2014/01/26 21:33:06 spz Exp $
+
+patch for CVE-2012-6151 from
+http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
+
+--- agent/mibgroup/agentx/master.c.orig        2012-10-09 22:28:58.000000000 +0000
++++ agent/mibgroup/agentx/master.c
+@@ -219,7 +219,13 @@ agentx_got_response(int operation,
+     if (!cache) {
+         DEBUGMSGTL(("agentx/master", "response too late on session %8p\n",
+                     session));
+-        return 0;
++        /*
++         * Response is too late, free the cache and return 1
++         * so that the session pending request list item can be deleted
++         */
++        if (magic)
++            netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
++        return 1;
+     }
+     requests = cache->requests;
+ 
+@@ -606,6 +612,8 @@ agentx_master_handler(netsnmp_mib_handle
+     result = snmp_async_send(ax_session, pdu, agentx_got_response, cb_data);
+     if (result == 0) {
+         snmp_free_pdu(pdu);
++        if (cb_data)
++            netsnmp_free_delegated_cache((netsnmp_delegated_cache*) cb_data);
+     }
+ 
+     return SNMP_ERR_NOERROR;
diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/patches/patch-agent_mibgroup_agentx_master_admin.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-agent_mibgroup_agentx_master_admin.c   Sun Jan 26 21:33:06 2014 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-agent_mibgroup_agentx_master_admin.c,v 1.1 2014/01/26 21:33:06 spz Exp $
+
+patch for CVE-2012-6151 from
+http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
+
+--- agent/mibgroup/agentx/master_admin.c.orig  2012-10-09 22:28:58.000000000 +0000
++++ agent/mibgroup/agentx/master_admin.c
+@@ -153,6 +153,7 @@ close_agentx_session(netsnmp_session * s
+     for (sp = session->subsession; sp != NULL; sp = sp->next) {
+ 
+         if (sp->sessid == sessid) {
++            netsnmp_remove_delegated_requests_for_session(sp);
+             unregister_mibs_by_session(sp);
+             unregister_index_by_session(sp);
+             unregister_sysORTable_by_session(sp);
diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/patches/patch-agent_snmp__agent.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-agent_snmp__agent.c    Sun Jan 26 21:33:06 2014 +0000
@@ -0,0 +1,151 @@
+$NetBSD: patch-agent_snmp__agent.c,v 1.1 2014/01/26 21:33:06 spz Exp $
+
+patch for CVE-2012-6151 from
+http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
+
+--- agent/snmp_agent.c.orig    2012-10-09 22:28:58.000000000 +0000
++++ agent/snmp_agent.c
+@@ -1409,6 +1409,7 @@ init_agent_snmp_session(netsnmp_session 
+     asp->treecache_num = -1;
+     asp->treecache_len = 0;
+     asp->reqinfo = SNMP_MALLOC_TYPEDEF(netsnmp_agent_request_info);
++    asp->flags = SNMP_AGENT_FLAGS_NONE;
+     DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p created\n",
+                 asp, asp->reqinfo));
+ 
+@@ -1458,6 +1459,9 @@ netsnmp_check_for_delegated(netsnmp_agen
+     if (NULL == asp->treecache)
+         return 0;
+     
++    if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS)
++        return 0;
++
+     for (i = 0; i <= asp->treecache_num; i++) {
+         for (request = asp->treecache[i].requests_begin; request;
+              request = request->next) {
+@@ -1535,39 +1539,48 @@ int
+ netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess)
+ {
+     netsnmp_agent_session *asp;
+-    int count = 0;
++    int total_count = 0;
+     
+     for (asp = agent_delegated_list; asp; asp = asp->next) {
+         /*
+          * check each request
+          */
++        int i;
++        int count = 0;
+         netsnmp_request_info *request;
+-        for(request = asp->requests; request; request = request->next) {
+-            /*
+-             * check session
+-             */
+-            netsnmp_assert(NULL!=request->subtree);
+-            if(request->subtree->session != sess)
+-                continue;
+-
+-            /*
+-             * matched! mark request as done
+-             */
+-            netsnmp_request_set_error(request, SNMP_ERR_GENERR);
+-            ++count;
++        for (i = 0; i <= asp->treecache_num; i++) {
++          for(request = asp->requests; request;
++                request = request->next) {
++              /*
++               * check session
++               */
++              netsnmp_assert(NULL!=request->subtree);
++              if(request->subtree->session != sess)
++                  continue;
++
++              /*
++               * matched! mark request as done
++               */
++              netsnmp_request_set_error(request, SNMP_ERR_GENERR);
++              ++count;
++          }
++      }
++        if (count) {
++            asp->flags |= SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS;
++            total_count += count;
+         }
+     }
+ 
+     /*
+      * if we found any, that request may be finished now
+      */
+-    if(count) {
++    if(total_count) {
+         DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session "
+-                    "%8p\n", count, sess));
+-        netsnmp_check_outstanding_agent_requests();
++                    "%8p\n", total_count, sess));
++        netsnmp_check_delegated_requests();
+     }
+     
+-    return count;
++    return total_count;
+ }
+ 
+ int
+@@ -2739,13 +2752,8 @@ handle_var_requests(netsnmp_agent_sessio
+     return final_status;
+ }
+ 
+-/*
+- * loop through our sessions known delegated sessions and check to see
+- * if they've completed yet. If there are no more delegated sessions,
+- * check for and process any queued requests
+- */
+ void
+-netsnmp_check_outstanding_agent_requests(void)
++netsnmp_check_delegated_requests(void)
+ {
+     netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL;
+ 
+@@ -2790,6 +2798,22 @@ netsnmp_check_outstanding_agent_requests
+             prev_asp = asp;
+         }
+     }
++}
++
++/*
++ * loop through our sessions known delegated sessions and check to see
++ * if they've completed yet. If there are no more delegated sessions,
++ * check for and process any queued requests
++ */
++void
++netsnmp_check_outstanding_agent_requests(void)
++{
++    netsnmp_agent_session *asp;
++
++    /*
++     * deal with delegated requests
++     */
++    netsnmp_check_delegated_requests();
+ 
+     /*
+      * if we are processing a set and there are more delegated
+@@ -2819,7 +2843,8 @@ netsnmp_check_outstanding_agent_requests
+ 
+             netsnmp_processing_set = netsnmp_agent_queued_list;
+             DEBUGMSGTL(("snmp_agent", "SET request remains queued while "
+-                        "delegated requests finish, asp = %8p\n", asp));
++                        "delegated requests finish, asp = %8p\n",
++                        agent_delegated_list));
+             break;
+         }
+ #endif /* NETSNMP_NO_WRITE_SUPPORT */
+@@ -2880,6 +2905,10 @@ check_delayed_request(netsnmp_agent_sess
+     case SNMP_MSG_GETBULK:
+     case SNMP_MSG_GETNEXT:
+         netsnmp_check_all_requests_status(asp, 0);
++        if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) {
++            DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp));
++            break;
++        }
+         handle_getnext_loop(asp);
+         if (netsnmp_check_for_delegated(asp) &&
+             netsnmp_check_transaction_id(asp->pdu->transid) !=
diff -r 743a68e4442b -r cfda9cd764f4 net/net-snmp/patches/patch-include_net-snmp_agent_snmp__agent.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-include_net-snmp_agent_snmp__agent.h   Sun Jan 26 21:33:06 2014 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-include_net-snmp_agent_snmp__agent.h,v 1.1 2014/01/26 21:33:06 spz Exp $
+
+patch for CVE-2012-6151 from
+http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
+
+--- include/net-snmp/agent/snmp_agent.h.orig   2012-10-09 22:28:58.000000000 +0000
++++ include/net-snmp/agent/snmp_agent.h
+@@ -32,6 +32,9 @@ extern          "C" {
+ #define SNMP_MAX_PDU_SIZE 64000 /* local constraint on PDU size sent by agent
+                                  * (see also SNMP_MAX_MSG_SIZE in snmp_api.h) */
+ 
++#define SNMP_AGENT_FLAGS_NONE                   0x0
++#define SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS     0x1
++
+     /*
+      * If non-zero, causes the addresses of peers to be logged when receptions
+      * occur.  
+@@ -205,6 +208,7 @@ extern          "C" {
+         int             treecache_num;  /* number of current cache entries */
+         netsnmp_cachemap *cache_store;
+         int             vbcount;
++        int             flags;
+     } netsnmp_agent_session;
+ 
+     /*
+@@ -240,6 +244,7 @@ extern          "C" {
+     int             init_master_agent(void);
+     void            shutdown_master_agent(void);
+     int             agent_check_and_process(int block);
++    void            netsnmp_check_delegated_requests(void);
+     void            netsnmp_check_outstanding_agent_requests(void);
+ 
+     int             netsnmp_request_set_error(netsnmp_request_info *request,



Home | Main Index | Thread Index | Old Index