tek/contrib-tek
1
0
Fork 0
forked from ports/contrib
Code Pull Requests Activity

[notify] net-snmp: fix for CVE-2018-1000116. Closes FS#1611

Browse Source
This commit is contained in:
Fredrik Rinnestam 2018-03-10 16:59:13 +01:00
parent 10fc2449bc
commit d64778d139
4 changed files with 127 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net-snmp/.md5sum
View File

@ -1,5 +1,6 @@
aea518953798008a1db91951eefd8da8 0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch
ebbb1fa141e14932882f6c747f3fe4b4 0001-Remove-U64-typedef.patch
fcbab0e8e6c5cc76da637d1d71aaec3b CVE-2018-1000116.patch
d4a3459e1577d0efa8d96ca70a885e53 net-snmp-5.7.3.tar.gz
0ac35ebc69c521313cf0c24b9afb3b22 snmpd
e75939cb0b4648856d07b9c04610af5d snmpd.conf

5
net-snmp/.signature
View File

@ -1,9 +1,10 @@
untrusted comment: verify with /etc/ports/contrib.pub
RWSagIOpLGJF32Zho/UyinbScWY8yuoUMXGJXBPFiQYJSByEeJFvk8IaMq6t7CGAVP3/sP7tEb2udJe3cjfDtjEKaSQlmlDPGAA=
SHA256 (Pkgfile) = ecf9b8008b80c92e2b3fae29d7f54690b19dc454e988b33408d39d819549afc8
RWSagIOpLGJF35iPFRGPHBp052IZ8HEewZKWqzRTFdF4mLoiWkKVqpMKnfTviYE9OnUgfC4vx26RSXVcn5fB4ZCbzb+kAt+IqAg=
SHA256 (Pkgfile) = 6597db3298de9e37c021ee96851f67e9a349758a8505b536927e6c3beac2644a
SHA256 (.footprint) = 2d2151d495c0cefd7ba68f015153e8e75fba53dd10165903220b0fe2c68e27c3
SHA256 (net-snmp-5.7.3.tar.gz) = 12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0
SHA256 (snmpd) = 2f8945dd66668cccd4ad884bbc1f425dfb5ace1261a5c410182222c928f54a34
SHA256 (snmpd.conf) = fc23c35aa4e275456cb9e7e1a4c2af06a9ec089126932a98aef39093a3c33e3e
SHA256 (0001-Remove-U64-typedef.patch) = 5ba67c44ec792c6509e9f91bc2561b7c74231c7123b67e4f45b997ea6b3fa4ec
SHA256 (0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch) = 77b9bf66b7f4ee6be486c945602fcbcf37d48a7b2514f3c9ba1e49550f4cab96
SHA256 (CVE-2018-1000116.patch) = 49b1c3509d53b1346c10282c29ac8e2020d40921f7287017ce4f24e06c0a301d

117
net-snmp/CVE-2018-1000116.patch Normal file
View File

@ -0,0 +1,117 @@
--- a/snmplib/snmp_api.c
+++ b/snmplib/snmp_api.c
@@ -4350,10 +4350,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
u_char type;
u_char msg_type;
u_char *var_val;
- int badtype = 0;
size_t len;
size_t four;
- netsnmp_variable_list *vp = NULL;
+ netsnmp_variable_list *vp = NULL, *vplast = NULL;
oid objid[MAX_OID_LEN];
u_char *p;
@@ -4493,38 +4492,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
(ASN_SEQUENCE | ASN_CONSTRUCTOR),
"varbinds");
if (data == NULL)
- return -1;
+ goto fail;
/*
* get each varBind sequence
*/
while ((int) *length > 0) {
- netsnmp_variable_list *vptemp;
- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp));
- if (NULL == vptemp) {
- return -1;
- }
- if (NULL == vp) {
- pdu->variables = vptemp;
- } else {
- vp->next_variable = vptemp;
- }
- vp = vptemp;
+ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list);
+ if (NULL == vp)
+ goto fail;
- vp->next_variable = NULL;
- vp->val.string = NULL;
vp->name_length = MAX_OID_LEN;
- vp->name = NULL;
- vp->index = 0;
- vp->data = NULL;
- vp->dataFreeHook = NULL;
DEBUGDUMPSECTION("recv", "VarBind");
data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type,
&vp->val_len, &var_val, length);
if (data == NULL)
- return -1;
+ goto fail;
if (snmp_set_var_objid(vp, objid, vp->name_length))
- return -1;
+ goto fail;
len = MAX_PACKET_LENGTH;
DEBUGDUMPHEADER("recv", "Value");
@@ -4604,7 +4589,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
vp->val.string = (u_char *) malloc(vp->val_len);
}
if (vp->val.string == NULL) {
- return -1;
+ goto fail;
}
p = asn_parse_string(var_val, &len, &vp->type, vp->val.string,
&vp->val_len);
@@ -4619,7 +4604,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
vp->val_len *= sizeof(oid);
vp->val.objid = (oid *) malloc(vp->val_len);
if (vp->val.objid == NULL) {
- return -1;
+ goto fail;
}
memmove(vp->val.objid, objid, vp->val_len);
break;
@@ -4631,7 +4616,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
case ASN_BIT_STR:
vp->val.bitstring = (u_char *) malloc(vp->val_len);
if (vp->val.bitstring == NULL) {
- return -1;
+ goto fail;
}
p = asn_parse_bitstring(var_val, &len, &vp->type,
vp->val.bitstring, &vp->val_len);
@@ -4640,12 +4625,28 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char
break;
default:
snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type);
- badtype = -1;
+ goto fail;
break;
}
DEBUGINDENTADD(-4);
+
+ if (NULL == vplast) {
+ pdu->variables = vp;
+ } else {
+ vplast->next_variable = vp;
+ }
+ vplast = vp;
+ vp = NULL;
}
- return badtype;
+ return 0;
+
+ fail:
+ DEBUGMSGTL(("recv", "error while parsing VarBindList\n"));
+ /** if we were parsing a var, remove it from the pdu and free it */
+ if (vp)
+ snmp_free_var(vp);
+
+ return -1;
}
/*

8
net-snmp/Pkgfile
View File

@ -5,16 +5,20 @@
name=net-snmp
version=5.7.3
release=4
release=5
source=(http://download.sourceforge.net/$name/$name-$version.tar.gz \
snmpd snmpd.conf \
0001-Remove-U64-typedef.patch \
0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch)
0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch \
CVE-2018-1000116.patch)
build() {
cd $name-$version
patch -p1 -i $SRC/0001-Remove-U64-typedef.patch
patch -p1 -i $SRC/0001-CHANGES-BUG-2712-Fix-Perl-module-compilation.patch
patch -p1 -i $SRC/CVE-2018-1000116.patch
export NETSNMP_DONT_CHECK_VERSION=1
./configure --prefix=/usr \
--sysconfdir=/etc \