explicitly require the right version and release of net-snmp and
net-snmp-libs Resolves: #451225 fix CVE-2008-4309 Resolves: CVE-2008-4309
parent
23c35c2652
commit
8df2ee9d53
64
net-snmp-5.4.1-getbulk-crash.patch
Normal file
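--- a/net-snmp-5.4.1-getbulk-crash.patch
+++ b/net-snmp-5.4.1-getbulk-crash.patch
@@ -0,0 +1,64 @@
+CVE-2008-4309: net-snmp: numresponses calculation integer overflow in snmp_agent.c
+
+Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17272
+
+Index: clean/agent/snmp_agent.c
+===================================================================
+--- clean.orig/agent/snmp_agent.c 2008-10-28 23:12:10.000000000 +0100
++++ clean/agent/snmp_agent.c 2008-10-28 23:15:11.000000000 +0100
+@@ -2234,7 +2234,6 @@
+r = 0;
+asp->bulkcache = NULL;
+} else {
+- int numresponses;
+int maxbulk =
+netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
+NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
+@@ -2245,28 +2244,31 @@
+if (maxresponses == 0)
+maxresponses = 100; /* more than reasonable default */
+
+- if (maxbulk == 0)
+- maxbulk = -1;
++ /* ensure that the total number of responses fits in a mallocable
++ * result vector
++ */
++ if (maxresponses < 0 ||
++ maxresponses > INT_MAX / sizeof(struct varbind_list *))
++ maxresponses = INT_MAX / sizeof(struct varbind_list *);
++
++ /* ensure that the maximum number of repetitions will fit in the
++ * result vector
++ */
++ if (maxbulk <= 0 || maxbulk > maxresponses / r)
++ maxbulk = maxresponses / r;
+
+/* limit getbulk number of repeats to a configured size */
+- if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
++ if (asp->pdu->errindex > maxbulk) {
+asp->pdu->errindex = maxbulk;
+- }
+-
+- numresponses = asp->pdu->errindex * r;
+-
+- /* limit getbulk number of getbulk responses to a configured size */
+- if (maxresponses != -1 && numresponses > maxresponses) {
+- /* attempt to truncate this */
+- asp->pdu->errindex = maxresponses/r;
+- numresponses = asp->pdu->errindex * r;
+- DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
++ DEBUGMSGTL(("snmp_agent",
++ "truncating number of getbulk repeats to %d\n",
++ asp->pdu->errindex));
+}
+
+asp->bulkcache =
+- (netsnmp_variable_list **) malloc(numresponses *
+- sizeof(struct
+- varbind_list *));
++ (netsnmp_variable_list **) malloc(
++ asp->pdu->errindex * r * sizeof(struct varbind_list *));
++
+if (!asp->bulkcache) {
+DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
+return SNMP_ERR_GENERR;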
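Review bot: The new allocation size `asp->pdu->errindex * r * sizeof(struct varbind_list *)` is bounded only from above, because `if (asp->pdu->errindex > maxbulk)` does not catch a negative repeat count in errindex, which would convert to a very large size_t in the malloc() argument. The embedded hunk starts inside the `else` branch, so it cannot be seen here whether errindex is already clamped to zero or whether r (also the divisor in `maxresponses / r`) is known to be positive. If neither is guaranteed earlier in the function, add `if (asp->pdu->errindex < 0) asp->pdu->errindex = 0;` before the limit check, or state the invariant in the comment above it. When r exceeds maxresponses the clamp yields `maxbulk = 0`, so this becomes `malloc(0)`, which may return NULL on some platforms and would then be reported as SNMP_ERR_GENERR.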
@ -44,6 +44,7 @@ Patch18: net-snmp-5.4.1-hmac-check.patch
|
|||||||
Patch19: net-snmp-5.4.1-perl-snprintf.patch
|
Patch19: net-snmp-5.4.1-perl-snprintf.patch
|
||||||
Patch20: net-snmp-5.4.1-perl-set.patch
|
Patch20: net-snmp-5.4.1-perl-set.patch
|
||||||
Patch21: net-snmp-5.4.1-long-iface-names.patch
|
Patch21: net-snmp-5.4.1-long-iface-names.patch
|
||||||
|
Patch22: net-snmp-5.4.1-getbulk-crash.patch
|
||||||
|
|
||||||
Requires(pre): chkconfig
|
Requires(pre): chkconfig
|
||||||
Requires(post): chkconfig
|
Requires(post): chkconfig
|
||||||
@ -52,6 +53,7 @@ Requires(preun): chkconfig
|
|||||||
Requires(preun): initscripts
|
Requires(preun): initscripts
|
||||||
# for /bin/rm
|
# for /bin/rm
|
||||||
Requires(preun): coreutils
|
Requires(preun): coreutils
|
||||||
|
Requires: %{name}-libs = %{epoch}:%{version}-%{release}
|
||||||
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
|
BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
|
||||||
@ -86,7 +88,7 @@ Building option:
|
|||||||
%package utils
|
%package utils
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: Network management utilities using SNMP, from the NET-SNMP project
|
Summary: Network management utilities using SNMP, from the NET-SNMP project
|
||||||
Requires: %{name} = %{epoch}:%{version}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description utils
|
%description utils
|
||||||
The net-snmp-utils package contains various utilities for use with the
|
The net-snmp-utils package contains various utilities for use with the
|
||||||
@ -99,7 +101,7 @@ package.
|
|||||||
%package devel
|
%package devel
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Summary: The development environment for the NET-SNMP project
|
Summary: The development environment for the NET-SNMP project
|
||||||
Requires: %{name} = %{epoch}:%{version}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
|
Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
|
||||||
%if %{tcp_wrappers}
|
%if %{tcp_wrappers}
|
||||||
Requires: tcp_wrappers-devel
|
Requires: tcp_wrappers-devel
|
||||||
@ -121,7 +123,7 @@ packages installed.
|
|||||||
%package perl
|
%package perl
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Summary: The perl NET-SNMP module and the mib2c tool
|
Summary: The perl NET-SNMP module and the mib2c tool
|
||||||
Requires: %{name} = %{epoch}:%{version}, perl >= 5
|
Requires: %{name} = %{epoch}:%{version}-%{release}, perl >= 5
|
||||||
BuildRequires: perl >= 5
|
BuildRequires: perl >= 5
|
||||||
|
|
||||||
%description perl
|
%description perl
|
||||||
@ -134,7 +136,7 @@ with perl.
|
|||||||
%package gui
|
%package gui
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: An interactive graphical MIB browser for SNMP
|
Summary: An interactive graphical MIB browser for SNMP
|
||||||
Requires: perl-Tk, net-snmp-perl
|
Requires: perl-Tk, net-snmp-perl = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description gui
|
%description gui
|
||||||
The net-snmp-gui package contains tkmib utility, which is a graphical user
|
The net-snmp-gui package contains tkmib utility, which is a graphical user
|
||||||
@ -179,6 +181,7 @@ and applications.
|
|||||||
%patch19 -p3 -b .perl-snprintf
|
%patch19 -p3 -b .perl-snprintf
|
||||||
%patch20 -p1 -b .perl-set
|
%patch20 -p1 -b .perl-set
|
||||||
%patch21 -p2 -b .long-iface-names
|
%patch21 -p2 -b .long-iface-names
|
||||||
|
%patch22 -p1 -b .getbulk-crash
|
||||||
|
|
||||||
# Do this patch with a perl hack...
|
# Do this patch with a perl hack...
|
||||||
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
|
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
|
||||||
@ -398,6 +401,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||||||
* Tue Jul 22 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-19
|
* Tue Jul 22 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-19
|
||||||
- fix perl SNMP::Session::set (#452131)
|
- fix perl SNMP::Session::set (#452131)
|
||||||
- support interface names longer than 8 characters (#468045)
|
- support interface names longer than 8 characters (#468045)
|
||||||
|
- explicitly require the right version and release of net-snmp and
|
||||||
|
net-snmp-libs
|
||||||
|
- fix CVE-2008-4309
|
||||||
|
|
||||||
* Tue Jun 10 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-18
|
* Tue Jun 10 2008 Jan Safranek <jsafranek@redhat.com> 5.4.1-18
|
||||||
- explicitly require lm_sensor > 3 for build (#442718)
|
- explicitly require lm_sensor > 3 for build (#442718)
|
||||||
|