From 47adcde62f8cabd52c3ac438452b2d9e883d69f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?=
Date: Thu, 28 Jan 2021 14:19:56 +0100
Subject: [PATCH] Fix crash caused by small buffer size
---
 net-snmp-5.9-ssl-buffer-size.patch | 67 ++++++++++++++++++++++++++++++
 net-snmp.spec | 3 ++
 2 files changed, 70 insertions(+)
 create mode 100644 net-snmp-5.9-ssl-buffer-size.patch
diff --git a/net-snmp-5.9-ssl-buffer-size.patch b/net-snmp-5.9-ssl-buffer-size.patch
new file mode 100644
index 0000000..d9875ac
--- /dev/null
+++ b/net-snmp-5.9-ssl-buffer-size.patch
@@ -0,0 +1,67 @@
+diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
+--- a/snmplib/snmp_openssl.c 2021-01-28 14:10:05.993443671 +0100
++++ b/snmplib/snmp_openssl.c 2021-01-28 14:17:52.531088559 +0100
+@@ -284,31 +284,29 @@ _cert_get_extension(X509_EXTENSION *oex
+ }
+ if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
+ snmp_log(LOG_ERR, "could not print extension!\n");
+- BIO_vfree(bio);
+- return NULL;
++ goto out;
+ }
+
+ space = BIO_get_mem_data(bio, &data);
+ if (buf && *buf) {
+- if (*len < space)
+- buf_ptr = NULL;
+- else
+- buf_ptr = *buf;
++ if (*len < space + 1) {
++ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
++ goto out;
++ }
++ buf_ptr = *buf;
++ } else {
++ buf_ptr = calloc(1, space + 1);
+ }
+- else
+- buf_ptr = calloc(1,space + 1);
+
+ if (!buf_ptr) {
+- snmp_log(LOG_ERR,
+- "not enough space or error in allocation for extenstion\n");
+- BIO_vfree(bio);
+- return NULL;
++ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
++ goto out;
+ }
+ memcpy(buf_ptr, data, space);
+ buf_ptr[space] = 0;
+ if (len)
+ *len = space;
+-
++out:
+ BIO_vfree(bio);
+
+ return buf_ptr;
+@@ -479,7 +477,7 @@ netsnmp_openssl_cert_dump_extensions(X50
+ {
+ X509_EXTENSION *extension;
+ const char *extension_name;
+- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
++ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
+ int i, num_extensions, buf_len, nid;
+
+ if (NULL == ocert)
+@@ -499,6 +497,11 @@ netsnmp_openssl_cert_dump_extensions(X50
+ extension_name = OBJ_nid2sn(nid);
+ buf_len = sizeof(buf);
+ str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
++ if (!str) {
++ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
++ extension_name));
++ continue;
++ }
+ lf = strchr(str, '\n'); /* look for multiline strings */
+ if (NULL != lf)
+ *lf = '\0'; /* only log first line of multiline here */
diff --git a/net-snmp.spec b/net-snmp.spec
index ee12c05..b32e7fe 100644
--- a/net-snmp.spec
+++ b/net-snmp.spec
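Review bot: The `goto out;` exits taken on print failure and on a too-small caller buffer in `_cert_get_extension` now return whatever `buf_ptr` holds, where the removed lines returned an explicit NULL, so those paths are only safe if `buf_ptr` is initialised to NULL at its declaration, which lies outside the hunk and should be confirmed. If it is not, the new `if (!str)` guard in `netsnmp_openssl_cert_dump_extensions` would be handed an indeterminate pointer and the following `strchr(str, '\n')` would read through it; writing `buf_ptr = NULL;` before each of those two `goto out;` statements, or declaring `char *buf_ptr = NULL;`, removes the dependency. The too-small-buffer path also leaves `*len` unchanged, so a caller cannot learn the size it needed; a comment at the label such as `/* buf_ptr is NULL on every error path; *len is updated only on success */` would document that contract. The function body starts and ends outside the hunk.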
@@ -55,6 +55,7 @@ Patch25: net-snmp-5.8-clientaddr-error-message.patch Patch26: net-snmp-5.8-empty-passphrase.patch Patch27: net-snmp-5.9-ECC-cert.patch Patch28: net-snmp-5.9-intermediate-certs.patch +Patch29: net-snmp-5.9-ssl-buffer-size.patch # Modern RPM API means at least EL6 Patch101: net-snmp-5.8-modern-rpm-api.patch @@ -234,6 +235,7 @@ cp %{SOURCE10} . %patch26 -p1 -b .empty-passphrase %patch27 -p1 -b .ECC-cert %patch28 -p1 -b .intermediate-certs +%patch29 -p1 -b .ssl-buffer-size %patch101 -p1 -b .modern-rpm-api %patch102 -p1 @@ -504,6 +506,7 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test * Thu Jan 28 2021 Josef Ridky - 1:5.9-6 - add support for digests detected from ECC certificates - add support for intermediate certificates +- fix crash caused by small buffer size * Tue Jan 26 2021 Fedora Release Engineering - 1:5.9-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild