Date: Wed, 8 Jun 2016 17:44:22 +0000 (UTC) From: Garrett Cooper <ngie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r301662 - in stable/9/contrib/bsnmp: lib snmp_mibII snmp_target Message-ID: <201606081744.u58HiMvO036981@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ngie Date: Wed Jun 8 17:44:22 2016 New Revision: 301662 URL: https://svnweb.freebsd.org/changeset/base/301662 Log: MFstable/10 r301661: MFC r256678,r256680,r260986,r272878,r286402: r256678 (by syrinx): Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption. r256680 (by syrinx): Fix the -Wconversion warnings produced when compiling the SNMP agent. r260986 (by harti): Fix a problem with OBJECT IDENTIFIER encoding: need to check the second subid to be less than 40, not the first when the first subid is 0 or 1. r272878 (by syrinx): Fix a bug in decoding string indexes in snmp_target(3), thus causing bsnmpd(1) to not send v3 notifications properly; while here add two missing return statements which could lead to abort() in case of a rollback r286402 (by araujo): Fix variable 'old' is used uninitialized whenever '&&' condition is false. Spotted by clang. Modified: stable/9/contrib/bsnmp/lib/asn1.c stable/9/contrib/bsnmp/lib/snmp.c stable/9/contrib/bsnmp/lib/snmp.h stable/9/contrib/bsnmp/lib/snmpagent.c stable/9/contrib/bsnmp/snmp_mibII/mibII_ip.c stable/9/contrib/bsnmp/snmp_target/target_snmp.c Directory Properties: stable/9/ (props changed) stable/9/contrib/ (props changed) stable/9/contrib/bsnmp/ (props changed) stable/9/contrib/bsnmp/snmp_mibII/ (props changed) Modified: stable/9/contrib/bsnmp/lib/asn1.c ============================================================================== --- stable/9/contrib/bsnmp/lib/asn1.c Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/lib/asn1.c Wed Jun 8 17:44:22 2016 (r301662) @@ -652,7 +652,7 @@ asn_put_objid(struct asn_buf *b, const s err = ASN_ERR_RANGE; } if (oid->subs[0] > 2 || - (oid->subs[0] < 2 && oid->subs[0] >= 40)) { + (oid->subs[0] < 2 && oid->subs[1] >= 40)) { asn_error(NULL, "oid out of range (%u,%u)", oid->subs[0], oid->subs[1]); err = ASN_ERR_RANGE; Modified: stable/9/contrib/bsnmp/lib/snmp.c ============================================================================== --- stable/9/contrib/bsnmp/lib/snmp.c Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/lib/snmp.c Wed Jun 8 17:44:22 2016 (r301662) @@ -288,11 +288,13 @@ parse_secparams(struct asn_buf *b, struc memset(buf, 0, 256); tb.asn_ptr = buf; tb.asn_len = 256; + u_int len; - if (asn_get_octetstring(b, buf, &tb.asn_len) != ASN_ERR_OK) { + if (asn_get_octetstring(b, buf, &len) != ASN_ERR_OK) { snmp_error("cannot parse usm header"); return (ASN_ERR_FAILED); } + tb.asn_len = len; if (asn_get_sequence(&tb, &octs_len) != ASN_ERR_OK) { snmp_error("cannot decode usm header"); @@ -864,7 +866,7 @@ snmp_fix_encoding(struct asn_buf *b, str return (SNMP_CODE_FAILED); pdu->scoped_len = b->asn_ptr - pdu->scoped_ptr; - if ((code = snmp_pdu_fix_padd(b, pdu))!= ASN_ERR_OK) + if (snmp_pdu_fix_padd(b, pdu) != ASN_ERR_OK) return (SNMP_CODE_FAILED); if (pdu->security_model != SNMP_SECMODEL_USM) @@ -997,7 +999,7 @@ snmp_pdu_encode(struct snmp_pdu *pdu, st if ((err = snmp_pdu_encode_header(resp_b, pdu)) != SNMP_CODE_OK) return (err); for (idx = 0; idx < pdu->nbindings; idx++) - if ((err = snmp_binding_encode(resp_b, &pdu->bindings[idx])) + if (snmp_binding_encode(resp_b, &pdu->bindings[idx]) != ASN_ERR_OK) return (SNMP_CODE_FAILED); Modified: stable/9/contrib/bsnmp/lib/snmp.h ============================================================================== --- stable/9/contrib/bsnmp/lib/snmp.h Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/lib/snmp.h Wed Jun 8 17:44:22 2016 (r301662) @@ -182,7 +182,7 @@ struct snmp_pdu { /* fixes for encoding */ size_t outer_len; - size_t scoped_len; + asn_len_t scoped_len; u_char *outer_ptr; u_char *digest_ptr; u_char *encrypted_ptr; Modified: stable/9/contrib/bsnmp/lib/snmpagent.c ============================================================================== --- stable/9/contrib/bsnmp/lib/snmpagent.c Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/lib/snmpagent.c Wed Jun 8 17:44:22 2016 (r301662) @@ -166,7 +166,7 @@ find_subnode(const struct snmp_value *va } static void -snmp_pdu_create_response(struct snmp_pdu *pdu, struct snmp_pdu *resp) +snmp_pdu_create_response(const struct snmp_pdu *pdu, struct snmp_pdu *resp) { memset(resp, 0, sizeof(*resp)); strcpy(resp->community, pdu->community); @@ -276,7 +276,12 @@ snmp_get(struct snmp_pdu *pdu, struct as } } - return (snmp_fix_encoding(resp_b, resp)); + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("get: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } static struct snmp_node * @@ -438,7 +443,13 @@ snmp_getnext(struct snmp_pdu *pdu, struc return (SNMP_RET_ERR); } } - return (snmp_fix_encoding(resp_b, resp)); + + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("getnext: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } enum snmp_ret @@ -542,7 +553,12 @@ snmp_getbulk(struct snmp_pdu *pdu, struc } done: - return (snmp_fix_encoding(resp_b, resp)); + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("getnext: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } /* @@ -957,18 +973,57 @@ enum snmp_ret snmp_make_errresp(const struct snmp_pdu *pdu, struct asn_buf *pdu_b, struct asn_buf *resp_b) { + u_char type; asn_len_t len; struct snmp_pdu resp; enum asn_err err; enum snmp_code code; - memset(&resp, 0, sizeof(resp)); + snmp_pdu_create_response(pdu, &resp); + if ((code = snmp_pdu_decode_header(pdu_b, &resp)) != SNMP_CODE_OK) return (SNMP_RET_IGN); - if (pdu_b->asn_len < len) + if (pdu->version == SNMP_V3) { + if (resp.user.priv_proto != SNMP_PRIV_NOPRIV && + (asn_get_header(pdu_b, &type, &resp.scoped_len) != ASN_ERR_OK + || type != ASN_TYPE_OCTETSTRING)) { + snmp_error("cannot decode encrypted pdu"); + return (SNMP_RET_IGN); + } + + if (asn_get_sequence(pdu_b, &len) != ASN_ERR_OK) { + snmp_error("cannot decode scoped pdu header"); + return (SNMP_RET_IGN); + } + + len = SNMP_ENGINE_ID_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_engine, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context engine"); + return (SNMP_RET_IGN); + } + resp.context_engine_len = len; + len = SNMP_CONTEXT_NAME_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_name, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context name"); + return (SNMP_RET_IGN); + } + resp.context_name[len] = '\0'; + } + + + if (asn_get_header(pdu_b, &type, &len) != ASN_ERR_OK) { + snmp_error("cannot get pdu header"); return (SNMP_RET_IGN); - pdu_b->asn_len = len; + } + + if ((type & ~ASN_TYPE_MASK) != + (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT)) { + snmp_error("bad pdu header tag"); + return (SNMP_RET_IGN); + } err = snmp_parse_pdus_hdr(pdu_b, &resp, &len); if (ASN_ERR_STOPPED(err)) Modified: stable/9/contrib/bsnmp/snmp_mibII/mibII_ip.c ============================================================================== --- stable/9/contrib/bsnmp/snmp_mibII/mibII_ip.c Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/snmp_mibII/mibII_ip.c Wed Jun 8 17:44:22 2016 (r301662) @@ -151,7 +151,7 @@ int op_ip(struct snmp_context *ctx, struct snmp_value *value, u_int sub, u_int idx __unused, enum snmp_op op) { - int old; + int old = 0; switch (op) { Modified: stable/9/contrib/bsnmp/snmp_target/target_snmp.c ============================================================================== --- stable/9/contrib/bsnmp/snmp_target/target_snmp.c Wed Jun 8 17:43:04 2016 (r301661) +++ stable/9/contrib/bsnmp/snmp_target/target_snmp.c Wed Jun 8 17:44:22 2016 (r301662) @@ -301,6 +301,7 @@ op_snmp_target_addrs(struct snmp_context default: break; } + return (SNMP_ERR_NOERROR); default: abort(); @@ -625,6 +626,7 @@ op_snmp_notify(struct snmp_context *ctx default: break; } + return (SNMP_ERR_NOERROR); default: abort(); @@ -663,13 +665,14 @@ target_append_index(struct asn_oid *oid, static int target_decode_index(const struct asn_oid *oid, uint sub, char *name) { - uint32_t i, len; + uint32_t i; - if ((len = oid->len - sub) >= SNMP_ADM_STR32_SIZ) + if (oid->len - sub != oid->subs[sub] + 1 || oid->subs[sub] >= + SNMP_ADM_STR32_SIZ) return (-1); - for (i = 0; i < len; i++) - name[i] = oid->subs[sub + i]; + for (i = 0; i < oid->subs[sub]; i++) + name[i] = oid->subs[sub + i + 1]; name[i] = '\0'; return (0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606081744.u58HiMvO036981>