Compare commits
12 Commits
| Author | SHA1 | Date |
|---|---|---|
Fedora Release Engineering
|
f7fb465225 | |
Jan Šafránek
|
e882a392e5 | |
|
Jan Šafránek
|
7349a8ee47 | |
|
Jan Šafránek
|
2ef6f554ee | |
|
Jan Šafránek
|
fbc7b3495d | |
|
Jan Šafránek
|
249d7d5534 | |
|
Jan Šafránek
|
97e4c94ac0 | |
|
Jan Šafránek
|
dc172512d8 | |
|
Jan Šafránek
|
9f2ff9bbc2 | |
|
Jan Šafránek
|
ecb61b0b72 | |
|
Jan Šafránek
|
cd1859f3e0 | |
Bill Nottingham
|
7980f5a1b4 |
6
Makefile
6
Makefile
|
|
@ -1,6 +0,0 @@
|
|||
# Makefile for source rpm: net-snmp
|
||||
# $Id$
|
||||
NAME := net-snmp
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
include ../common/Makefile.common
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
--- net-snmp-5.3.1/snmplib/snmp_parse_args.c.orig 2005-11-23 10:11:40.000000000 +0100
|
||||
+++ net-snmp-5.3.1/snmplib/snmp_parse_args.c 2007-06-14 13:10:54.000000000 +0200
|
||||
@@ -275,6 +275,7 @@
|
||||
break;
|
||||
|
||||
case 'M':
|
||||
+ netsnmp_get_mib_directory(); /* prepare the default directories */
|
||||
netsnmp_set_mib_directory(optarg);
|
||||
break;
|
||||
#endif /* DISABLE_MIB_LOADING */
|
||||
|
|
@ -0,0 +1,121 @@
|
|||
--- net-snmp-5.3.1/include/net-snmp/library/container.h.orig 2005-12-04 19:43:04.000000000 +0100
|
||||
+++ net-snmp-5.3.1/include/net-snmp/library/container.h 2007-05-04 10:01:38.000000000 +0200
|
||||
@@ -330,6 +330,11 @@
|
||||
int CONTAINER_INSERT(netsnmp_container *x, const void *k);
|
||||
|
||||
/*
|
||||
+ * check if k is in any container and insert it into all if not
|
||||
+ */
|
||||
+ int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k);
|
||||
+
|
||||
+ /*
|
||||
* remove k from all containers
|
||||
*/
|
||||
int CONTAINER_REMOVE(netsnmp_container *x, const void *k);
|
||||
@@ -370,8 +370,32 @@
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
- }
|
||||
+ }
|
||||
+
|
||||
|
||||
+ int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
|
||||
+ {
|
||||
+ const void *res = NULL;
|
||||
+
|
||||
+ netsnmp_container *start;
|
||||
+ /** start at first container */
|
||||
+ while(x->prev)
|
||||
+ x = x->prev;
|
||||
+
|
||||
+ start = x;
|
||||
+
|
||||
+ for(; x; x = x->next) {
|
||||
+ if ((NULL != x->insert_filter) &&
|
||||
+ (x->insert_filter(x,k) == 1))
|
||||
+ continue;
|
||||
+ res = x->find(x,k);
|
||||
+ if (res) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return CONTAINER_INSERT(start, k);
|
||||
+ }
|
||||
+
|
||||
/*------------------------------------------------------------------
|
||||
* These functions should EXACTLY match the function version in
|
||||
* container.c. If you change one, change them both.
|
||||
--- net-snmp-5.3.1/snmplib/container.c.orig 2006-04-21 02:24:47.000000000 +0200
|
||||
+++ net-snmp-5.3.1/snmplib/container.c 2007-05-04 10:34:23.000000000 +0200
|
||||
@@ -286,6 +286,29 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
+int CONTAINER_TRY_INSERT(netsnmp_container *x, const void *k)
|
||||
+{
|
||||
+ const void *res = NULL;
|
||||
+
|
||||
+ netsnmp_container *start;
|
||||
+ /** start at first container */
|
||||
+ while(x->prev)
|
||||
+ x = x->prev;
|
||||
+
|
||||
+ start = x;
|
||||
+
|
||||
+ for(; x; x = x->next) {
|
||||
+ if ((NULL != x->insert_filter) &&
|
||||
+ (x->insert_filter(x,k) == 1))
|
||||
+ continue;
|
||||
+ res = x->find(x,k);
|
||||
+ if (res) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return CONTAINER_INSERT(start, k);
|
||||
+}
|
||||
+
|
||||
/*------------------------------------------------------------------
|
||||
* These functions should EXACTLY match the inline version in
|
||||
* container.h. If you change one, change them both.
|
||||
--- net-snmp-5.4/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c.orig 2005-10-31 05:32:17.000000000 +0100
|
||||
+++ net-snmp-5.4/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c 2007-05-04 12:03:17.000000000 +0200
|
||||
@@ -272,7 +272,16 @@
|
||||
/*
|
||||
* add entry to container
|
||||
*/
|
||||
- CONTAINER_INSERT(container, entry);
|
||||
+ rc = CONTAINER_TRY_INSERT(container, entry);
|
||||
+ if (rc < 0) {
|
||||
+ static int logged = 0;
|
||||
+ if (!logged) {
|
||||
+ snmp_log(LOG_NOTICE, "Duplicate IP address detected, some interfaces may not be visible in IP-MIB\n");
|
||||
+ logged = 1;
|
||||
+ }
|
||||
+ netsnmp_access_ipaddress_entry_free(entry);
|
||||
+ rc = 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
--- net-snmp-5.4/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c.orig 2006-09-15 02:48:40.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2007-05-04 12:03:44.000000000 +0200
|
||||
@@ -324,7 +324,17 @@
|
||||
/*
|
||||
* add entry to container
|
||||
*/
|
||||
- CONTAINER_INSERT(container, entry);
|
||||
+ rc = CONTAINER_TRY_INSERT(container, entry);
|
||||
+ if (rc < 0) {
|
||||
+ static int logged = 0;
|
||||
+ if (!logged) {
|
||||
+ snmp_log(LOG_NOTICE, "Duplicate IPv6 address detected, some interfaces may not be visible in IP-MIB\n");
|
||||
+ logged = 1;
|
||||
+ }
|
||||
+ netsnmp_access_ipaddress_entry_free(entry);
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
fclose(in);
|
||||
|
|
@ -83,9 +83,10 @@
|
|||
return (u_char *) LowPhysAddr;
|
||||
case IPMEDIANETADDRESS: /* also ATNETADDRESS */
|
||||
- *var_len = sizeof(uint32_t);
|
||||
+ *var_len = sizeof addr_ret;
|
||||
long_return = LowAddr;
|
||||
- long_return = LowAddr;
|
||||
- return (u_char *) & long_return;
|
||||
+ *var_len = sizeof addr_ret;
|
||||
+ addr_ret = LowAddr;
|
||||
+ return (u_char *) & addr_ret;
|
||||
case IPMEDIATYPE:
|
||||
*var_len = sizeof long_return;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
--- net-snmp-5.4/agent/mibgroup/agent/extend.c.orig 2006-10-18 21:07:35.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/agent/extend.c 2007-06-27 14:30:08.000000000 +0200
|
||||
@@ -448,6 +448,9 @@
|
||||
extension->command = strdup( exec_command );
|
||||
if (cptr)
|
||||
extension->args = strdup( cptr );
|
||||
+ } else {
|
||||
+ snmp_log(LOG_ERR, "Duplicate MIBOID '%s' detected in exec statement, only the first one will be used.\n", exec_name);
|
||||
+ return;
|
||||
}
|
||||
|
||||
#ifndef USING_UCD_SNMP_EXTENSIBLE_MODULE
|
||||
|
|
@ -0,0 +1,206 @@
|
|||
--- net-snmp-5.4/apps/snmptrapd_log.c.orig 2006-09-15 02:48:43.000000000 +0200
|
||||
+++ net-snmp-5.4/apps/snmptrapd_log.c 2007-05-03 12:19:58.000000000 +0200
|
||||
@@ -626,6 +626,8 @@
|
||||
char fmt_cmd = options->cmd; /* what we're formatting */
|
||||
u_char *temp_buf = NULL;
|
||||
size_t temp_buf_len = 64, temp_out_len = 0;
|
||||
+ char *tstr;
|
||||
+ unsigned int oflags;
|
||||
|
||||
if ((temp_buf = calloc(temp_buf_len, 1)) == NULL) {
|
||||
return 0;
|
||||
@@ -681,125 +683,59 @@
|
||||
* Write the numerical transport information.
|
||||
*/
|
||||
if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
- char *tstr =
|
||||
- transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
- pdu->transport_data_length);
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ oflags = transport->flags;
|
||||
+ transport->flags &= ~NETSNMP_TRANSPORT_FLAG_HOSTNAME;
|
||||
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
+ pdu->transport_data_length);
|
||||
+ transport->flags = oflags;
|
||||
+
|
||||
+ if (!tstr) goto noip;
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
|
||||
+ 1, (u_char *)tstr)) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
+ SNMP_FREE(tstr);
|
||||
return 0;
|
||||
}
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
+ SNMP_FREE(tstr);
|
||||
} else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- "<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+noip:
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
+ (const u_char*)"<UNKNOWN>")) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
- /*
|
||||
- * Write a host name.
|
||||
- */
|
||||
case CHR_PDU_NAME:
|
||||
/*
|
||||
- * Right, apparently a name lookup is wanted. This is only reasonable
|
||||
- * for the UDP and TCP transport domains (we don't want to try to be
|
||||
- * too clever here).
|
||||
+ * Try to convert the numerical transport information
|
||||
+ * into a hostname. Or rather, have the transport-specific
|
||||
+ * address formatting routine do this.
|
||||
+ * Otherwise falls back to the numeric address format.
|
||||
*/
|
||||
-#ifdef NETSNMP_TRANSPORT_TCP_DOMAIN
|
||||
- if (transport != NULL && (transport->domain == netsnmpUDPDomain ||
|
||||
- transport->domain ==
|
||||
- netsnmp_snmpTCPDomain)) {
|
||||
-#else
|
||||
- if (transport != NULL && transport->domain == netsnmpUDPDomain) {
|
||||
-#endif
|
||||
- /*
|
||||
- * This is kind of bletcherous -- it breaks the opacity of
|
||||
- * transport_data but never mind -- the alternative is a lot of
|
||||
- * munging strings from f_fmtaddr.
|
||||
- */
|
||||
- struct sockaddr_in *addr =
|
||||
- (struct sockaddr_in *) pdu->transport_data;
|
||||
- if (addr != NULL
|
||||
- && pdu->transport_data_length ==
|
||||
- sizeof(struct sockaddr_in)) {
|
||||
- if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
- NETSNMP_DS_APP_NUMERIC_IP)) {
|
||||
- host =
|
||||
- gethostbyaddr((char *) &(addr->sin_addr),
|
||||
- sizeof(struct in_addr), AF_INET);
|
||||
- }
|
||||
- if (host != NULL) {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (u_char *)host->h_name)) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- } else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- (u_char *)inet_ntoa(addr->sin_addr))) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- "<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
- return 0;
|
||||
- }
|
||||
- }
|
||||
- } else if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
- /*
|
||||
- * Some other domain for which we do not know how to do a name
|
||||
- * lookup. Fall back to the formatted transport address.
|
||||
- */
|
||||
- char *tstr =
|
||||
- transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
- pdu->transport_data_length);
|
||||
- if (!snmp_strcat
|
||||
- (&temp_buf, &temp_buf_len, &temp_out_len, 1, (u_char *)tstr)) {
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ if (transport != NULL && transport->f_fmtaddr != NULL) {
|
||||
+ oflags = transport->flags;
|
||||
+ if (!netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_APP_NUMERIC_IP))
|
||||
+ transport->flags |= NETSNMP_TRANSPORT_FLAG_HOSTNAME;
|
||||
+ tstr = transport->f_fmtaddr(transport, pdu->transport_data,
|
||||
+ pdu->transport_data_length);
|
||||
+ transport->flags = oflags;
|
||||
+
|
||||
+ if (!tstr) goto nohost;
|
||||
+ if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len,
|
||||
+ 1, (u_char *)tstr)) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
+ SNMP_FREE(tstr);
|
||||
return 0;
|
||||
}
|
||||
- if (tstr != NULL) {
|
||||
- free(tstr);
|
||||
- }
|
||||
+ SNMP_FREE(tstr);
|
||||
} else {
|
||||
- /*
|
||||
- * We are kind of stuck!
|
||||
- */
|
||||
+nohost:
|
||||
if (!snmp_strcat(&temp_buf, &temp_buf_len, &temp_out_len, 1,
|
||||
- "<UNKNOWN>")) {
|
||||
- if (temp_buf != NULL) {
|
||||
- free(temp_buf);
|
||||
- }
|
||||
+ (const u_char*)"<UNKNOWN>")) {
|
||||
+ SNMP_FREE(temp_buf);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
--- net-snmp-5.4/snmplib/snmpUDPDomain.c.orig 2006-09-20 01:42:17.000000000 +0200
|
||||
+++ net-snmp-5.4/snmplib/snmpUDPDomain.c 2007-05-03 12:17:30.000000000 +0200
|
||||
@@ -87,6 +87,7 @@
|
||||
netsnmp_udp_fmtaddr(netsnmp_transport *t, void *data, int len)
|
||||
{
|
||||
netsnmp_udp_addr_pair *addr_pair = NULL;
|
||||
+ struct hostent *host;
|
||||
|
||||
if (data != NULL && len == sizeof(netsnmp_udp_addr_pair)) {
|
||||
addr_pair = (netsnmp_udp_addr_pair *) data;
|
||||
@@ -104,6 +105,10 @@
|
||||
return strdup("UDP: unknown");
|
||||
}
|
||||
|
||||
+ if ( t && t->flags & NETSNMP_TRANSPORT_FLAG_HOSTNAME ) {
|
||||
+ host = gethostbyaddr((char *)&to->sin_addr, 4, AF_INET);
|
||||
+ return (host ? strdup(host->h_name) : NULL);
|
||||
+ }
|
||||
sprintf(tmp, "UDP: [%s]:%hu",
|
||||
inet_ntoa(to->sin_addr), ntohs(to->sin_port));
|
||||
return strdup(tmp);
|
||||
--- net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h.orig 2005-09-15 15:46:58.000000000 +0200
|
||||
+++ net-snmp-5.3.1/include/net-snmp/library/snmp_transport.h 2007-05-02 17:21:30.000000000 +0200
|
||||
@@ -19,6 +19,7 @@
|
||||
#define NETSNMP_TRANSPORT_FLAG_STREAM 0x01
|
||||
#define NETSNMP_TRANSPORT_FLAG_LISTEN 0x02
|
||||
#define NETSNMP_TRANSPORT_FLAG_TUNNELED 0x04
|
||||
+#define NETSNMP_TRANSPORT_FLAG_HOSTNAME 0x80 /* for fmtaddr hook */
|
||||
|
||||
/* The standard SNMP domains. */
|
||||
|
||||
|
|
@ -0,0 +1,122 @@
|
|||
Index: man/snmpd.conf.5.def
|
||||
===================================================================
|
||||
--- man/snmpd.conf.5.def (revision 16338)
|
||||
+++ man/snmpd.conf.5.def (working copy)
|
||||
@@ -71,6 +71,28 @@
|
||||
.IP "leave_pidfile yes"
|
||||
instructs the agent to not remove its pid file on shutdown. Equivalent to
|
||||
specifying "-U" on the command line.
|
||||
+.IP "maxGetbulkRepeats NUM"
|
||||
+Sets the maximum number of responses allowed for a single variable in
|
||||
+a getbulk request. Set to 0 to enable the default and set it to -1 to
|
||||
+enable unlimited. Because memory is allocated ahead of time, sitting
|
||||
+this to unlimited is not considered safe if your user population can
|
||||
+not be trusted. A repeat number greater than this will be truncated
|
||||
+to this value.
|
||||
+.IP
|
||||
+This is set by default to -1.
|
||||
+.IP "maxGetbulkResponses NUM"
|
||||
+Sets the maximum number of responses allowed for a getbulk request.
|
||||
+This is set by default to 100. Set to 0 to enable the default and set
|
||||
+it to -1 to enable unlimited. Because memory is allocated ahead of
|
||||
+time, sitting this to unlimited is not considered safe if your user
|
||||
+population can not be trusted.
|
||||
+.IP
|
||||
+In general, the total number of responses will not be allowed to
|
||||
+exceed the maxGetbulkResponses number and the total number returned
|
||||
+will be an integer multiple of the number of variables requested times
|
||||
+the calculated number of repeats allow to fit below this number.
|
||||
+.IP
|
||||
+Also not that processing of maxGetbulkRepeats is handled first.
|
||||
.SS SNMPv3 Configuration
|
||||
SNMPv3 requires an SNMP agent to define a unique "engine ID"
|
||||
in order to respond to SNMPv3 requests.
|
||||
Index: include/net-snmp/agent/ds_agent.h
|
||||
===================================================================
|
||||
--- include/net-snmp/agent/ds_agent.h (revision 16338)
|
||||
+++ include/net-snmp/agent/ds_agent.h (working copy)
|
||||
@@ -59,5 +59,7 @@
|
||||
#define NETSNMP_DS_AGENT_CACHE_TIMEOUT 10 /* default cache timeout */
|
||||
#define NETSNMP_DS_AGENT_INTERNAL_VERSION 11 /* used by internal queries */
|
||||
#define NETSNMP_DS_AGENT_INTERNAL_SECLEVEL 12 /* used by internal queries */
|
||||
+#define NETSNMP_DS_AGENT_MAX_GETBULKREPEATS 13 /* max getbulk repeats */
|
||||
+#define NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES 14 /* max getbulk respones */
|
||||
|
||||
#endif
|
||||
Index: agent/agent_read_config.c
|
||||
===================================================================
|
||||
--- agent/agent_read_config.c (revision 16338)
|
||||
+++ agent/agent_read_config.c (working copy)
|
||||
@@ -258,6 +258,12 @@
|
||||
netsnmp_ds_register_config(ASN_BOOLEAN, app, "dontLogTCPWrappersConnects",
|
||||
NETSNMP_DS_APPLICATION_ID,
|
||||
NETSNMP_DS_AGENT_DONT_LOG_TCPWRAPPERS_CONNECTS);
|
||||
+ netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkRepeats",
|
||||
+ NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
|
||||
+ netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkResponses",
|
||||
+ NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES);
|
||||
netsnmp_init_handler_conf();
|
||||
|
||||
#include "agent_module_dot_conf.h"
|
||||
Index: agent/snmp_agent.c
|
||||
===================================================================
|
||||
--- agent/snmp_agent.c (revision 16338)
|
||||
+++ agent/snmp_agent.c (working copy)
|
||||
@@ -2156,7 +2156,6 @@
|
||||
* getbulk prep
|
||||
*/
|
||||
int count = count_varbinds(asp->pdu->variables);
|
||||
-
|
||||
if (asp->pdu->errstat < 0) {
|
||||
asp->pdu->errstat = 0;
|
||||
}
|
||||
@@ -2173,8 +2172,37 @@
|
||||
r = 0;
|
||||
asp->bulkcache = NULL;
|
||||
} else {
|
||||
+ int numresponses;
|
||||
+ int maxbulk =
|
||||
+ netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
|
||||
+ int maxresponses =
|
||||
+ netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
|
||||
+ NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES);
|
||||
+
|
||||
+ if (maxresponses == 0)
|
||||
+ maxresponses = 100; /* more than reasonable default */
|
||||
+
|
||||
+ if (maxbulk == 0)
|
||||
+ maxbulk = -1;
|
||||
+
|
||||
+ /* limit getbulk number of repeats to a configured size */
|
||||
+ if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
|
||||
+ asp->pdu->errindex = maxbulk;
|
||||
+ }
|
||||
+
|
||||
+ numresponses = asp->pdu->errindex * r;
|
||||
+
|
||||
+ /* limit getbulk number of getbulk responses to a configured size */
|
||||
+ if (maxresponses != -1 && numresponses > maxresponses) {
|
||||
+ /* attempt to truncate this */
|
||||
+ asp->pdu->errindex = maxresponses/r;
|
||||
+ numresponses = asp->pdu->errindex * r;
|
||||
+ DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
|
||||
+ }
|
||||
+
|
||||
asp->bulkcache =
|
||||
- (netsnmp_variable_list **) malloc(asp->pdu->errindex * r *
|
||||
+ (netsnmp_variable_list **) malloc(numresponses *
|
||||
sizeof(struct
|
||||
varbind_list *));
|
||||
if (!asp->bulkcache) {
|
||||
@@ -2184,6 +2212,8 @@
|
||||
}
|
||||
DEBUGMSGTL(("snmp_agent", "GETBULK N = %d, M = %d, R = %d\n",
|
||||
n, asp->pdu->errindex, r));
|
||||
+ fprintf(stderr, "GETBULK N = %d, M = %d, R = %d\n",
|
||||
+ n, asp->pdu->errindex, r);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
Source: svn diff -r 15941:15942
|
||||
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
Index: agent/mibgroup/smux/smux.c
|
||||
===================================================================
|
||||
--- agent/mibgroup/smux/smux.c (revision 15941)
|
||||
+++ agent/mibgroup/smux/smux.c (revision 15942)
|
||||
@@ -150,42 +150,40 @@
|
||||
config_perror("Too many smuxpeers");
|
||||
return;
|
||||
}
|
||||
- aptr->sa_active_fd = -1;
|
||||
- if (!cptr) {
|
||||
- /*
|
||||
- * null passwords OK
|
||||
- */
|
||||
- Auths[nauths++] = aptr;
|
||||
- DEBUGMSGTL(("smux_conf", "null password\n"));
|
||||
- return;
|
||||
- }
|
||||
|
||||
/*
|
||||
* oid
|
||||
*/
|
||||
- password_cptr = strchr(cptr, ' ');
|
||||
- cptr_len = strlen(cptr);
|
||||
- if (password_cptr)
|
||||
- *password_cptr = 0x0;
|
||||
-
|
||||
+ aptr->sa_active_fd = -1;
|
||||
aptr->sa_oid_len = MAX_OID_LEN;
|
||||
read_objid( cptr, aptr->sa_oid, &aptr->sa_oid_len );
|
||||
-
|
||||
DEBUGMSGTL(("smux_conf", "parsing registration for: %s\n", cptr));
|
||||
|
||||
- if ((&password_cptr - &cptr + 1) < cptr_len) {
|
||||
- cptr = ++password_cptr;
|
||||
- DEBUGMSGTL(("smux_conf", "password is: %s\n",
|
||||
- SNMP_STRORNULL(cptr)));
|
||||
- }
|
||||
+ password_cptr = strchr(cptr, ' ');
|
||||
+ cptr_len = strlen(cptr);
|
||||
|
||||
- /*
|
||||
- * password
|
||||
- */
|
||||
- if (cptr)
|
||||
- strcpy(aptr->sa_passwd, cptr);
|
||||
+ if (password_cptr != NULL) { /* Do we have a password or not? */
|
||||
+ *password_cptr = 0x0;
|
||||
+ if ((&password_cptr - &cptr + 1) < cptr_len) {
|
||||
+ cptr = ++password_cptr;
|
||||
+ DEBUGMSGTL(("smux_conf", "password is: %s\n",
|
||||
+ SNMP_STRORNULL(cptr)));
|
||||
+ }
|
||||
|
||||
+ /*
|
||||
+ * password
|
||||
+ */
|
||||
+ if (cptr)
|
||||
+ strcpy(aptr->sa_passwd, cptr);
|
||||
+ } else {
|
||||
+ /*
|
||||
+ * null passwords OK
|
||||
+ */
|
||||
+ DEBUGMSGTL(("smux_conf", "null password\n"));
|
||||
+ }
|
||||
+
|
||||
Auths[nauths++] = aptr;
|
||||
+ return;
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
Already fixed upstream, should appear in 5.4.1
|
||||
--- net-snmp-5.4/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c.orig 2006-09-19 05:26:57.000000000 +0200
|
||||
+++ net-snmp-5.4/agent/mibgroup/udp-mib/data_access/udp_endpoint_linux.c 2007-05-03 13:21:55.000000000 +0200
|
||||
@@ -194,7 +194,7 @@
|
||||
offset, line_info->start));
|
||||
return PMLP_RC_MEMORY_UNUSED;
|
||||
}
|
||||
- ep->loc_addr_len = offset;
|
||||
+ ep->rmt_addr_len = offset;
|
||||
ptr += (offset * 2);
|
||||
++ptr; /* skip ':' */
|
||||
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
Author: upstream, svn diff -r 15682:15683
|
||||
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
Index: snmplib/snmpUDPDomain.c
|
||||
===================================================================
|
||||
--- snmplib/snmpUDPDomain.c (revision 15682)
|
||||
+++ snmplib/snmpUDPDomain.c (revision 15683)
|
||||
@@ -586,28 +586,24 @@
|
||||
int rc = 0;
|
||||
char *str = NULL;
|
||||
char *client_socket = NULL;
|
||||
- netsnmp_udp_addr_pair *addr_pair = NULL;
|
||||
+ netsnmp_udp_addr_pair addr_pair;
|
||||
|
||||
if (addr == NULL || addr->sin_family != AF_INET) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- addr_pair = (netsnmp_udp_addr_pair *) malloc(sizeof(netsnmp_udp_addr_pair));
|
||||
- if (addr_pair == NULL) {
|
||||
- return NULL;
|
||||
- }
|
||||
- memset(addr_pair, 0, sizeof(netsnmp_udp_addr_pair));
|
||||
- memcpy(&(addr_pair->remote_addr), addr, sizeof(struct sockaddr_in));
|
||||
+ memset(&addr_pair, 0, sizeof(netsnmp_udp_addr_pair));
|
||||
+ memcpy(&(addr_pair.remote_addr), addr, sizeof(struct sockaddr_in));
|
||||
|
||||
t = (netsnmp_transport *) malloc(sizeof(netsnmp_transport));
|
||||
if (t == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- str = netsnmp_udp_fmtaddr(NULL, (void *)addr_pair,
|
||||
+ str = netsnmp_udp_fmtaddr(NULL, (void *)&addr_pair,
|
||||
sizeof(netsnmp_udp_addr_pair));
|
||||
- DEBUGMSGTL(("netsnmp_udp", "open %s %s:%d\n", local ? "local" : "remote",
|
||||
- str,addr->sin_port));
|
||||
+ DEBUGMSGTL(("netsnmp_udp", "open %s %s\n", local ? "local" : "remote",
|
||||
+ str));
|
||||
free(str);
|
||||
|
||||
memset(t, 0, sizeof(netsnmp_transport));
|
||||
@@ -690,7 +686,7 @@
|
||||
t->remote[4] = (htons(addr->sin_port) & 0xff00) >> 8;
|
||||
t->remote[5] = (htons(addr->sin_port) & 0x00ff) >> 0;
|
||||
t->remote_length = 6;
|
||||
- memcpy(t->data, addr_pair, sizeof(netsnmp_udp_addr_pair));
|
||||
+ memcpy(t->data, &addr_pair, sizeof(netsnmp_udp_addr_pair));
|
||||
t->data_length = sizeof(netsnmp_udp_addr_pair);
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
|
||||
|
||||
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
|
||||
Reviewed-by: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
|
||||
--- net-snmp-5.0.9/snmplib/scapi.c.orig 2008-06-04 10:19:26.000000000 +0200
|
||||
+++ net-snmp-5.0.9/snmplib/scapi.c 2008-06-04 10:20:45.000000000 +0200
|
||||
@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
|
||||
QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
|
||||
}
|
||||
|
||||
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
|
||||
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* Generate a full hash of the message, then compare
|
||||
|
|
@ -0,0 +1,106 @@
|
|||
447262: CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
|
||||
|
||||
Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&sortby=date&revision=16770
|
||||
Reviewed-By: Jan Safranek <jsafrane@redhat.com>
|
||||
|
||||
--- branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/21 23:19:29 16769
|
||||
+++ branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs 2007/12/22 19:22:44 16770
|
||||
@@ -470,14 +470,16 @@
|
||||
if (flag == USE_ENUMS) {
|
||||
for(ep = tp->enums; ep; ep = ep->next) {
|
||||
if (ep->value == *var->val.integer) {
|
||||
- strcpy(buf, ep->label);
|
||||
+ strncpy(buf, ep->label, buf_len);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!len) {
|
||||
- sprintf(buf,"%ld", *var->val.integer);
|
||||
+ snprintf(buf, buf_len, "%ld", *var->val.integer);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
}
|
||||
break;
|
||||
@@ -486,21 +488,25 @@
|
||||
case ASN_COUNTER:
|
||||
case ASN_TIMETICKS:
|
||||
case ASN_UINTEGER:
|
||||
- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
|
||||
+ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
len = strlen(buf);
|
||||
break;
|
||||
|
||||
case ASN_OCTET_STR:
|
||||
case ASN_OPAQUE:
|
||||
- memcpy(buf, (char*)var->val.string, var->val_len);
|
||||
len = var->val_len;
|
||||
+ if ( len > buf_len )
|
||||
+ len = buf_len;
|
||||
+ memcpy(buf, (char*)var->val.string, len);
|
||||
break;
|
||||
|
||||
case ASN_IPADDRESS:
|
||||
- ip = (u_char*)var->val.string;
|
||||
- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
|
||||
- len = strlen(buf);
|
||||
- break;
|
||||
+ ip = (u_char*)var->val.string;
|
||||
+ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
|
||||
+ buf[buf_len-1] = '\0';
|
||||
+ len = strlen(buf);
|
||||
+ break;
|
||||
|
||||
case ASN_NULL:
|
||||
break;
|
||||
@@ -512,14 +518,14 @@
|
||||
break;
|
||||
|
||||
case SNMP_ENDOFMIBVIEW:
|
||||
- sprintf(buf,"%s", "ENDOFMIBVIEW");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
|
||||
+ break;
|
||||
case SNMP_NOSUCHOBJECT:
|
||||
- sprintf(buf,"%s", "NOSUCHOBJECT");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
|
||||
+ break;
|
||||
case SNMP_NOSUCHINSTANCE:
|
||||
- sprintf(buf,"%s", "NOSUCHINSTANCE");
|
||||
- break;
|
||||
+ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
|
||||
+ break;
|
||||
|
||||
case ASN_COUNTER64:
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
@@ -538,19 +544,19 @@
|
||||
#endif
|
||||
|
||||
case ASN_BIT_STR:
|
||||
- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
|
||||
+ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
|
||||
len = strlen(buf);
|
||||
break;
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
case ASN_OPAQUE_FLOAT:
|
||||
- if (var->val.floatVal)
|
||||
- sprintf(buf,"%f", *var->val.floatVal);
|
||||
- break;
|
||||
+ if (var->val.floatVal)
|
||||
+ snprintf(buf, buf_len, "%f", *var->val.floatVal);
|
||||
+ break;
|
||||
|
||||
case ASN_OPAQUE_DOUBLE:
|
||||
- if (var->val.doubleVal)
|
||||
- sprintf(buf,"%f", *var->val.doubleVal);
|
||||
- break;
|
||||
+ if (var->val.doubleVal)
|
||||
+ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
|
||||
+ break;
|
||||
#endif
|
||||
|
||||
case ASN_NSAP:
|
||||
|
|
@ -253,7 +253,7 @@ syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
|
|||
#
|
||||
# exec NAME PROGRAM [ARGS ...]
|
||||
#
|
||||
# NAME: A generic name.
|
||||
# NAME: A generic name. The name must be unique for each exec statement.
|
||||
# PROGRAM: The program to run. Include the path!
|
||||
# ARGS: optional arguments to be passed to the program
|
||||
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@
|
|||
Summary: A collection of SNMP protocol tools and libraries
|
||||
Name: net-snmp
|
||||
Version: %{major_ver}
|
||||
Release: 13%{?dist}
|
||||
Release: 18%{?dist}
|
||||
Epoch: 1
|
||||
|
||||
License: BSDish
|
||||
License: BSD and CMU
|
||||
Group: System Environment/Daemons
|
||||
URL: http://net-snmp.sourceforge.net/
|
||||
Source0: http://dl.sourceforge.net/net-snmp/net-snmp-%{major_ver}.tar.gz
|
||||
|
|
@ -38,6 +38,16 @@ Patch13: net-snmp-5.4-ethtool-config.patch
|
|||
Patch14: net-snmp-5.4-free.patch
|
||||
Patch15: net-snmp-5.4-strange_libpath.patch
|
||||
Patch16: net-snmp-5.4-snmpassert.patch
|
||||
Patch17: net-snmp-5.4-hostname.patch
|
||||
Patch18: net-snmp-5.4-udp-endpoint.patch
|
||||
Patch19: net-snmp-5.3.1-shared-ip.patch
|
||||
Patch20: net-snmp-5.3.1-mib-option.patch
|
||||
Patch21: net-snmp-5.4-exec-crash.patch
|
||||
Patch22: net-snmp-5.4-smux-password.patch
|
||||
Patch23: net-snmp-5.4-udp-leak.patch
|
||||
Patch24: net-snmp-5.4-maxreps.patch
|
||||
Patch25: net-snmp-5.4.1-hmac-check.patch
|
||||
Patch26: net-snmp-5.4.1-perl-snprintf.patch
|
||||
|
||||
Requires(pre): /sbin/chkconfig
|
||||
Requires(post): /sbin/chkconfig
|
||||
|
|
@ -47,7 +57,7 @@ Requires(preun): /bin/rm
|
|||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: openssl-devel, bzip2-devel, beecrypt-devel, elfutils-devel
|
||||
BuildRequires: libselinux-devel, elfutils-libelf-devel
|
||||
BuildRequires: perl-devel
|
||||
BuildRequires: perl-devel, rpm-devel
|
||||
%ifarch %{ix86} x86_64
|
||||
BuildRequires: lm_sensors-devel
|
||||
%endif
|
||||
|
|
@ -155,6 +165,17 @@ and applications.
|
|||
%patch15 -p1 -b .strange_libpath
|
||||
%patch16 -p1 -b .verboselog
|
||||
|
||||
%patch17 -p1 -b .hostname
|
||||
%patch18 -p1 -b .udp-endpoint
|
||||
%patch19 -p1 -b .shared-ip
|
||||
%patch20 -p1 -b .mib-option
|
||||
%patch21 -p1 -b .exec-crash
|
||||
%patch22 -p0 -b .smux-password
|
||||
%patch23 -p0 -b .udp-leak
|
||||
%patch24 -p0 -b .maxreps
|
||||
%patch25 -p1 -b .hmac-check
|
||||
%patch26 -p3 -b .perl-snprintf
|
||||
|
||||
# Do this patch with a perl hack...
|
||||
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
|
||||
|
||||
|
|
@ -358,6 +379,32 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_libdir}/lib*.so.*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 10 2008 Jan Safranek <jsafranek@redhat.com> 5.4-18
|
||||
- fix various flaws (CVE-2008-2292 CVE-2008-0960)
|
||||
|
||||
* Thu Feb 14 2008 Jan Safranek <jsafranek@redhat.com> 5.4-17
|
||||
- fixing ipNetToMediaNetAddress to show IP address (#432780)
|
||||
|
||||
* Tue Oct 19 2007 Jan Safranek <jsafranek@redhat.com> 5.4-16
|
||||
- License: field fixed to "BSD and CMU"
|
||||
- fix hrSWInst (#250237)
|
||||
- fix leak in UDP transport (#247771)
|
||||
- fix remote DoS attack (CVE-2007-5846)
|
||||
|
||||
* Mon Oct 8 2007 Jan Safranek <jsafranek@redhat.com> 5.4-15
|
||||
- License: field changed to MIT
|
||||
- fix segfault on parsing smuxpeer without password (#316621)
|
||||
|
||||
* Thu Jun 28 2007 Jan Safranek <jsafranek@redhat.com> 5.4-14
|
||||
- fix snmptrapd hostname logging (#238587)
|
||||
- fix udpEndpointProcess remote IP address (#236551)
|
||||
- fix -M option of net-snmp-utils (#244784)
|
||||
- default snmptrapd.conf added (#243536)
|
||||
- fix crash when multiple exec statements have the same name
|
||||
(#243536)
|
||||
- fix ugly error message when more interfaces share
|
||||
one IP address (#209861)
|
||||
|
||||
* Mon Mar 12 2007 Radek Vokál <rvokal@redhat.com> - 1:5.4-13
|
||||
- fix overly verbose log message (#221911)
|
||||
- few minor tweaks for review - still not perfect
|
||||
|
|
|
|||
Loading…
Reference in New Issue