Search
j0ke.net Open Build Service
>
Projects
>
GFS
>
net-snmp
> net-snmp-5.3.0.1_CVE-2007-5846.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File net-snmp-5.3.0.1_CVE-2007-5846.patch of Package net-snmp (Revision 2)
Currently displaying revision
2
,
show latest
=== man/snmpd.conf.5.def ================================================================== Index: man/snmpd.conf.5.def =================================================================== --- man/snmpd.conf.5.def.orig 2007-11-16 16:09:19.000000000 +0100 +++ man/snmpd.conf.5.def 2007-11-16 16:09:22.272048114 +0100 @@ -71,6 +71,28 @@ starting with '#' (#UID). .IP "leave_pidfile yes" instructs the agent to not remove its pid file on shutdown. Equivalent to specifying "-U" on the command line. +.IP "maxGetbulkRepeats NUM" +Sets the maximum number of responses allowed for a single variable in +a getbulk request. Set to 0 to enable the default and set it to -1 to +enable unlimited. Because memory is allocated ahead of time, sitting +this to unlimited is not considered safe if your user population can +not be trusted. A repeat number greater than this will be truncated +to this value. +.IP +This is set by default to -1. +.IP "maxGetbulkResponses NUM" +Sets the maximum number of responses allowed for a getbulk request. +This is set by default to 100. Set to 0 to enable the default and set +it to -1 to enable unlimited. Because memory is allocated ahead of +time, sitting this to unlimited is not considered safe if your user +population can not be trusted. +.IP +In general, the total number of responses will not be allowed to +exceed the maxGetbulkResponses number and the total number returned +will be an integer multiple of the number of variables requested times +the calculated number of repeats allow to fit below this number. +.IP +Also not that processing of maxGetbulkRepeats is handled first. .SS SNMPv3 Configuration SNMPv3 requires an SNMP agent to define a unique "engine ID" in order to respond to SNMPv3 requests. Index: include/net-snmp/agent/ds_agent.h =================================================================== --- include/net-snmp/agent/ds_agent.h.orig 2007-11-16 16:09:19.000000000 +0100 +++ include/net-snmp/agent/ds_agent.h 2007-11-16 16:09:22.288049071 +0100 @@ -52,5 +52,7 @@ #define NETSNMP_DS_AGENT_CACHE_TIMEOUT 10 /* default cache timeout */ #define NETSNMP_DS_AGENT_INTERNAL_VERSION 11 /* used by internal queries */ #define NETSNMP_DS_AGENT_INTERNAL_SECLEVEL 12 /* used by internal queries */ +#define NETSNMP_DS_AGENT_MAX_GETBULKREPEATS 13 /* max getbulk repeats */ +#define NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES 14 /* max getbulk respones */ #endif Index: agent/agent_read_config.c =================================================================== --- agent/agent_read_config.c.orig 2007-11-16 16:09:19.000000000 +0100 +++ agent/agent_read_config.c 2007-11-16 16:10:06.014664579 +0100 @@ -258,7 +258,13 @@ init_agent_read_config(const char *app) netsnmp_ds_register_config(ASN_BOOLEAN, app, "dontLogTCPWrappersConnects", NETSNMP_DS_APPLICATION_ID, NETSNMP_DS_AGENT_DONT_LOG_TCPWRAPPERS_CONNECTS); - netsnmp_init_handler_conf(); + netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkRepeats", + NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKREPEATS); + netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkResponses", + NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES); + netsnmp_init_handler_conf(); #include "agent_module_dot_conf.h" #include "mib_module_dot_conf.h" Index: agent/snmp_agent.c =================================================================== --- agent/snmp_agent.c.orig 2007-11-16 16:09:19.000000000 +0100 +++ agent/snmp_agent.c 2007-11-16 16:09:22.328051464 +0100 @@ -2141,7 +2141,6 @@ netsnmp_create_subtree_cache(netsnmp_age * getbulk prep */ int count = count_varbinds(asp->pdu->variables); - if (asp->pdu->errstat < 0) { asp->pdu->errstat = 0; } @@ -2158,13 +2157,44 @@ netsnmp_create_subtree_cache(netsnmp_age r = 0; asp->bulkcache = NULL; } else { + int numresponses; + int maxbulk = + netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKREPEATS); + int maxresponses = + netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, + NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES); + + if (maxresponses == 0) + maxresponses = 100; /* more than reasonable default */ + + if (maxbulk == 0) + maxbulk = -1; + + /* limit getbulk number of repeats to a configured size */ + if (asp->pdu->errindex > maxbulk && maxbulk != -1) { + asp->pdu->errindex = maxbulk; + } + + numresponses = asp->pdu->errindex * r; + + /* limit getbulk number of getbulk responses to a configured size */ + if (maxresponses != -1 && numresponses > maxresponses) { + /* attempt to truncate this */ + asp->pdu->errindex = maxresponses/r; + numresponses = asp->pdu->errindex * r; + DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex)); + } + asp->bulkcache = - (netsnmp_variable_list **) malloc(asp->pdu->errindex * r * + (netsnmp_variable_list **) malloc(numresponses * sizeof(struct varbind_list *)); } DEBUGMSGTL(("snmp_agent", "GETBULK N = %d, M = %d, R = %d\n", n, asp->pdu->errindex, r)); + fprintf(stderr, "GETBULK N = %d, M = %d, R = %d\n", + n, asp->pdu->errindex, r); } /*
