61 lines
3.2 KiB
Diff
61 lines
3.2 KiB
Diff
|
551030 - Memory corruption in TCP-MIB::tcpListenerProcess
|
||
|
|
|
||
|
|
Source: upstream, SVN rev. 17861
|
||
|
|
|
||
|
|
CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB
|
||
|
|
|
||
|
|
diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||
|
|
index 7259bf8..e274d19 100644
|
||
|
|
--- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||
|
|
+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
|
||
|
|
@@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx *
|
||
|
|
/*
|
||
|
|
* TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup.
|
||
|
|
*/
|
||
|
|
+ netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
|
||
|
|
+ rowreq_ctx->data = NULL;
|
||
|
|
} /* tcpConnectionTable_rowreq_ctx_cleanup */
|
||
|
|
|
||
|
|
/**
|
||
|
|
diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||
|
|
index 807dd9d..fec6bef 100644
|
||
|
|
--- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||
|
|
+++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
|
||
|
|
@@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container)
|
||
|
|
* free the container. we've either claimed each entry, or released it,
|
||
|
|
* so the dal function doesn't need to clear the container.
|
||
|
|
*/
|
||
|
|
- netsnmp_access_tcpconn_container_free(raw_data, 0);
|
||
|
|
+ netsnmp_access_tcpconn_container_free(raw_data,
|
||
|
|
+ NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
|
||
|
|
|
||
|
|
DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load",
|
||
|
|
"%d records\n", (int)CONTAINER_SIZE(container)));
|
||
|
|
diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||
|
|
index f3009dd..ebd672b 100644
|
||
|
|
--- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||
|
|
+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
|
||
|
|
@@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx *
|
||
|
|
/*
|
||
|
|
* TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup.
|
||
|
|
*/
|
||
|
|
+ netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
|
||
|
|
+ rowreq_ctx->data = NULL;
|
||
|
|
} /* tcpListenerTable_rowreq_ctx_cleanup */
|
||
|
|
|
||
|
|
/**
|
||
|
|
diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||
|
|
index 09ba655..b25d5db 100644
|
||
|
|
--- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||
|
|
+++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
|
||
|
|
@@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container)
|
||
|
|
* free the container. we've either claimed each entry, or released it,
|
||
|
|
* so the dal function doesn't need to clear the container.
|
||
|
|
*/
|
||
|
|
- netsnmp_access_tcpconn_container_free(raw_data, 0);
|
||
|
|
+ netsnmp_access_tcpconn_container_free(raw_data,
|
||
|
|
+ NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
|
||
|
|
|
||
|
|
DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load",
|
||
|
|
"%d records\n", (int)CONTAINER_SIZE(container)));
|