[Pkg-net-snmp-commits] [pkg-net-snmp] 03/05: fix Bug#760132 : CVE-2014-3565
Hideki Yamane
henrich at moszumanska.debian.org
Mon Sep 15 15:19:12 UTC 2014
This is an automated email from the git hooks/post-receive script.
henrich pushed a commit to branch master
in repository pkg-net-snmp.
commit ad6cf41578d95a4fd07bd0956c2922618bf482db
Author: Hideki Yamane <henrich at debian.org>
Date: Mon Sep 15 22:54:52 2014 +0900
fix Bug#760132 : CVE-2014-3565
---
debian/patches/CVE-2014-3565.patch | 455 +++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 456 insertions(+)
diff --git a/debian/patches/CVE-2014-3565.patch b/debian/patches/CVE-2014-3565.patch
new file mode 100644
index 0000000..ed1587e
--- /dev/null
+++ b/debian/patches/CVE-2014-3565.patch
@@ -0,0 +1,455 @@
+Description: patch for CVE-2014-3565
+ taken from http://sourceforge.net/p/net-snmp/official-patches/48/
+
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/760132
+Last-Update: 2012-07-17
+
+
+
+commit 7f4a7b891332899cea26e95be0337aae01648742
+Author: Jan Safranek <jsafranek at users.sourceforge.net>
+Date: Thu Jul 31 13:46:49 2014 +0200
+
+ Added checks for printing variables with wrong types.
+
+ When -OQ command line argument is used, variable formatter preffers the type
+ of the varible parsed from a MIB file instead of checking type of the variable
+ as parsed from SNMP message.
+
+ This can lead to crashes when incoming packets contains a variable with
+ NULL type, while the MIB says the variable should be non-NULL, like Integer.
+ The formatter then tries to interpret the NULL (from packet) as Integer (from
+ MIB file).
+
+Index: pkg-net-snmp/snmplib/mib.c
+===================================================================
+--- pkg-net-snmp.orig/snmplib/mib.c 2014-05-15 23:29:58.461566805 +0900
++++ pkg-net-snmp/snmplib/mib.c 2014-09-15 22:50:53.677839395 +0900
+@@ -464,17 +464,16 @@
+ u_char *cp;
+ int output_format, cnt;
+
+- if ((var->type != ASN_OCTET_STR) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- const char str[] = "Wrong Type (should be OCTET STRING): ";
+- if (snmp_cstrcat
+- (buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OCTET_STR) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ const char str[] = "Wrong Type (should be OCTET STRING): ";
++ if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+
+@@ -742,16 +741,16 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE_FLOAT) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Float): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OPAQUE_FLOAT) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Float): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -812,17 +811,16 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE_DOUBLE) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat
+- (buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Double): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OPAQUE_DOUBLE) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Double): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -887,20 +885,21 @@
+ {
+ char a64buf[I64CHARSZ + 1];
+
+- if ((var->type != ASN_COUNTER64
++ if (var->type != ASN_COUNTER64
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ && var->type != ASN_OPAQUE_COUNTER64
+ && var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64
+ #endif
+- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Counter64): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ ) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Counter64): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -988,23 +987,25 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_OPAQUE
++ if (var->type != ASN_OPAQUE
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ && var->type != ASN_OPAQUE_COUNTER64
+ && var->type != ASN_OPAQUE_U64
+ && var->type != ASN_OPAQUE_I64
+ && var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE
+ #endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */
+- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
+- "Wrong Type (should be Opaque): ")) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ ) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Opaque): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
++
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ switch (var->type) {
+ case ASN_OPAQUE_COUNTER64:
+@@ -1080,17 +1081,16 @@
+ {
+ int buf_overflow = 0;
+
+- if ((var->type != ASN_OBJECT_ID) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] =
+- "Wrong Type (should be OBJECT IDENTIFIER): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_OBJECT_ID) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be OBJECT IDENTIFIER): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1150,16 +1150,16 @@
+ {
+ char timebuf[40];
+
+- if ((var->type != ASN_TIMETICKS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be Timeticks): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_TIMETICKS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Timeticks): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) {
+@@ -1298,17 +1298,18 @@
+ {
+ char *enum_string = NULL;
+
+- if ((var->type != ASN_INTEGER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be INTEGER): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_INTEGER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be INTEGER): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
++
+ for (; enums; enums = enums->next) {
+ if (enums->value == *var->val.integer) {
+ enum_string = enums->label;
+@@ -1401,16 +1402,16 @@
+ {
+ char *enum_string = NULL;
+
+- if ((var->type != ASN_UINTEGER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be UInteger32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_UINTEGER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be UInteger32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ for (; enums; enums = enums->next) {
+@@ -1498,17 +1499,16 @@
+ {
+ char tmp[32];
+
+- if ((var->type != ASN_GAUGE) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] =
+- "Wrong Type (should be Gauge32 or Unsigned32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_GAUGE) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Gauge32 or Unsigned32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1571,16 +1571,16 @@
+ {
+ char tmp[32];
+
+- if ((var->type != ASN_COUNTER) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be Counter32): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_COUNTER) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be Counter32): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1634,16 +1634,16 @@
+ {
+ size_t i;
+
+- if ((var->type != ASN_IPADDRESS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NetworkAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_IPADDRESS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NetworkAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1700,16 +1700,16 @@
+ {
+ u_char *ip = var->val.string;
+
+- if ((var->type != ASN_IPADDRESS) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be IpAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_IPADDRESS) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be IpAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1758,20 +1758,20 @@
+ const struct enum_list *enums,
+ const char *hint, const char *units)
+ {
+- if ((var->type != ASN_NULL) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NULL): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_NULL) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NULL): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+- } else {
+- u_char str[] = "NULL";
+- return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
+ }
++
++ u_char str[] = "NULL";
++ return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
+ }
+
+
+@@ -1806,16 +1806,16 @@
+ u_char *cp;
+ char *enum_string;
+
+- if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be BITS): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be BITS): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
+@@ -1890,16 +1890,16 @@
+ const struct enum_list *enums, const char *hint,
+ const char *units)
+ {
+- if ((var->type != ASN_NSAP) &&
+- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
+- u_char str[] = "Wrong Type (should be NsapAddress): ";
+- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
+- return sprint_realloc_by_type(buf, buf_len, out_len,
++ if (var->type != ASN_NSAP) {
++ if (!netsnmp_ds_get_boolean(
++ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
++ u_char str[] = "Wrong Type (should be NsapAddress): ";
++ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
++ return 0;
++ }
++ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, var, NULL, NULL,
+ NULL);
+- } else {
+- return 0;
+- }
+ }
+
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
diff --git a/debian/patches/series b/debian/patches/series
index 9f7bc2d..b72d485 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,3 +24,4 @@ fix_manpage-has-errors-from-man.patch
agentx-crash.patch
TrapReceiver.patch
ifmib.patch
+CVE-2014-3565.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-net-snmp/pkg-net-snmp.git
More information about the Pkg-net-snmp-commits
mailing list