aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2014-03-04 13:53:24 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2014-03-04 13:53:24 +0000
commite760d56c82e3b69f4ee2bc3f3790a63f01cdae49 (patch)
tree2206378f0fb931209990e20ef10bb4efe8dca6a6
parent4fba92816c0e71757a88cc344de763867564d734 (diff)
downloadaports-e760d56c82e3b69f4ee2bc3f3790a63f01cdae49.tar.bz2
aports-e760d56c82e3b69f4ee2bc3f3790a63f01cdae49.tar.xz
main/net-snmp: security fix CVE-2012-6151. Fixes #2659
-rw-r--r--main/net-snmp/APKBUILD22
-rw-r--r--main/net-snmp/CVE-2012-6151.patch190
2 files changed, 210 insertions, 2 deletions
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
index 6e2d7bfc19..4a92e932a1 100644
--- a/main/net-snmp/APKBUILD
+++ b/main/net-snmp/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=net-snmp
pkgver=5.7.1
-pkgrel=3
+pkgrel=4
pkgdesc="Simple Network Management Protocol"
url="http://www.net-snmp.org/"
arch="all"
@@ -19,6 +19,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
snmpd.confd
snmptrapd.initd
snmptrapd.confd
+ CVE-2012-6151.patch
"
_builddir="$srcdir/$pkgname-$pkgver"
@@ -155,4 +156,21 @@ bd7dc10ffb5839e35ec37effcc53c2ad netsnmp-swinst-crash.patch
198a4a7b80557fa8112394df5ec9914e snmpd.initd
96510a2f3bc9f21648b03f7e8d76c0d3 snmpd.confd
7ce3e9e880fc6313ae87eb000bae4bda snmptrapd.initd
-363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd"
+363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd
+16c10a6412b5c8bf69c1d086c8e7365e CVE-2012-6151.patch"
+sha256sums="7c71c9650c65b715356547e20ca2dbe6313944278af8cc19c32a5337f46b181f net-snmp-5.7.1.tar.gz
+28448ebc7821d7f79bef0741b687ac40aa6419bc319578b92ed910157bd3a417 netsnmp-arp-netlink-fix.patch
+377e54bc2b66590c1c5174bf2e2c820adcbecd703d67c68be13c325d04d7d0c4 netsnmp-swinst-crash.patch
+2fa0a1ecd5f64827592bf55f0416cb61c6eec114aadd3e9d20aa92ce71c3a09f snmpd.initd
+4a8eb647d8b8f25b03858e3815489eaf2cd8fd4932185f97a1d896f8ee2f85e8 snmpd.confd
+4baf3ee9950ded78078d93c32833ff657d7e85580d64778cdc9a963cf24bc7ab snmptrapd.initd
+095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f snmptrapd.confd
+010b4eeac6b436876890c283ac29385e63684fcd07d44eda93a635a945c63293 CVE-2012-6151.patch"
+sha512sums="1e20181ab6c7c6062e0dd2f9b55f27bceb151b83e3174aa86e358e55be99792ef01251edc1401cde1192494599b17f65d390f7286b3571a733c32b12fac46993 net-snmp-5.7.1.tar.gz
+c30845a2d9da624bd851cdb1b0534ed21f85a7956c43f9f99f79132d05619dec77e3b71ead942cc90f1418598a9656143cdba56c010318b21a05c8e5af3c28a2 netsnmp-arp-netlink-fix.patch
+78c036f1e6b4e3592cb2a6ff9b22671c930e337e9644298a9f78b6f13af1d9241d9c15dcc996b441b51cb2d551bf2dfe5caf602ff1e17baf7b6532f3dc6ba5bd netsnmp-swinst-crash.patch
+ad66fef217ad9884114e9006c20074288656cf79fae19b59941545bbb551adfaaf4ec54cd0802e096a715d35c49a7c94cd4369302f847b8ba2892bd9fb62848c snmpd.initd
+3030ad11dd556569e481f108af69aef620b1fe67be8d8d12016f4aed1f0ffdb6c2ee87c40ed5bc883986568227e097cb7aa958658e01da51576848715bf65472 snmpd.confd
+e9b29b89d27e88420932ea6ca077a6c807ae5555436cad4d840ec732b5851a498661d0d174f22d308f403904b623d7eadf9d201a539529ff57ced18bc8c58b6f snmptrapd.initd
+9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1 snmptrapd.confd
+f39cad8bb4ed38cfa1e53f58f09e8a83ce8c3272ef8a522422a4f7b759a56c81a4ae31f1ead8da9b800509ea3e9d48892612f27ddcbd2f3853d5f7535b00b0f1 CVE-2012-6151.patch"
diff --git a/main/net-snmp/CVE-2012-6151.patch b/main/net-snmp/CVE-2012-6151.patch
new file mode 100644
index 0000000000..03a10182ae
--- /dev/null
+++ b/main/net-snmp/CVE-2012-6151.patch
@@ -0,0 +1,190 @@
+--- a/agent/mibgroup/agentx/master_admin.c
++++ b/agent/mibgroup/agentx/master_admin.c
+@@ -158,6 +158,7 @@
+ for (sp = session->subsession; sp != NULL; sp = sp->next) {
+
+ if (sp->sessid == sessid) {
++ netsnmp_remove_delegated_requests_for_session(sp);
+ unregister_mibs_by_session(sp);
+ unregister_index_by_session(sp);
+ unregister_sysORTable_by_session(sp);
+--- a/agent/snmp_agent.c
++++ b/agent/snmp_agent.c
+@@ -1415,6 +1415,7 @@
+ asp->treecache_num = -1;
+ asp->treecache_len = 0;
+ asp->reqinfo = SNMP_MALLOC_TYPEDEF(netsnmp_agent_request_info);
++ asp->flags = SNMP_AGENT_FLAGS_NONE;
+ DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p created\n",
+ asp, asp->reqinfo));
+
+@@ -1463,6 +1464,9 @@
+
+ if (NULL == asp->treecache)
+ return 0;
++
++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS)
++ return 0;
+
+ for (i = 0; i <= asp->treecache_num; i++) {
+ for (request = asp->treecache[i].requests_begin; request;
+@@ -1541,39 +1545,48 @@
+ netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess)
+ {
+ netsnmp_agent_session *asp;
+- int count = 0;
++ int total_count = 0;
+
+ for (asp = agent_delegated_list; asp; asp = asp->next) {
+ /*
+ * check each request
+ */
++ int i;
++ int count = 0;
+ netsnmp_request_info *request;
+- for(request = asp->requests; request; request = request->next) {
+- /*
+- * check session
+- */
+- netsnmp_assert(NULL!=request->subtree);
+- if(request->subtree->session != sess)
+- continue;
+-
+- /*
+- * matched! mark request as done
+- */
+- netsnmp_request_set_error(request, SNMP_ERR_GENERR);
+- ++count;
++ for (i = 0; i <= asp->treecache_num; i++) {
++ for (request = asp->treecache[i].requests_begin; request;
++ request = request->next) {
++ /*
++ * check session
++ */
++ netsnmp_assert(NULL!=request->subtree);
++ if(request->subtree->session != sess)
++ continue;
++
++ /*
++ * matched! mark request as done
++ */
++ netsnmp_request_set_error(request, SNMP_ERR_GENERR);
++ ++count;
++ }
++ }
++ if (count) {
++ asp->flags |= SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS;
++ total_count += count;
+ }
+ }
+
+ /*
+ * if we found any, that request may be finished now
+ */
+- if(count) {
++ if(total_count) {
+ DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session "
+- "%8p\n", count, sess));
+- netsnmp_check_outstanding_agent_requests();
++ "%8p\n", total_count, sess));
++ netsnmp_check_delegated_requests();
+ }
+
+- return count;
++ return total_count;
+ }
+
+ int
+@@ -2745,19 +2758,11 @@
+ return final_status;
+ }
+
+-/*
+- * loop through our sessions known delegated sessions and check to see
+- * if they've completed yet. If there are no more delegated sessions,
+- * check for and process any queued requests
+- */
+ void
+-netsnmp_check_outstanding_agent_requests(void)
++netsnmp_check_delegated_requests(void)
+ {
+ netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL;
+
+- /*
+- * deal with delegated requests
+- */
+ for (asp = agent_delegated_list; asp; asp = next_asp) {
+ next_asp = asp->next; /* save in case we clean up asp */
+ if (!netsnmp_check_for_delegated(asp)) {
+@@ -2796,6 +2801,22 @@
+ prev_asp = asp;
+ }
+ }
++}
++
++/*
++ * loop through our sessions known delegated sessions and check to see
++ * if they've completed yet. If there are no more delegated sessions,
++ * check for and process any queued requests
++ */
++void
++netsnmp_check_outstanding_agent_requests(void)
++{
++ netsnmp_agent_session *asp;
++
++ /*
++ * deal with delegated requests
++ */
++ netsnmp_check_delegated_requests();
+
+ /*
+ * if we are processing a set and there are more delegated
+@@ -2825,7 +2846,8 @@
+
+ netsnmp_processing_set = netsnmp_agent_queued_list;
+ DEBUGMSGTL(("snmp_agent", "SET request remains queued while "
+- "delegated requests finish, asp = %8p\n", asp));
++ "delegated requests finish, asp = %8p\n",
++ agent_delegated_list));
+ break;
+ }
+ #endif /* NETSNMP_NO_WRITE_SUPPORT */
+@@ -2886,6 +2908,10 @@
+ case SNMP_MSG_GETBULK:
+ case SNMP_MSG_GETNEXT:
+ netsnmp_check_all_requests_status(asp, 0);
++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) {
++ DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp));
++ break;
++ }
+ handle_getnext_loop(asp);
+ if (netsnmp_check_for_delegated(asp) &&
+ netsnmp_check_transaction_id(asp->pdu->transid) !=
+--- a/include/net-snmp/agent/snmp_agent.h
++++ b/include/net-snmp/agent/snmp_agent.h
+@@ -31,6 +31,9 @@
+
+ #define SNMP_MAX_PDU_SIZE 64000 /* local constraint on PDU size sent by agent
+ * (see also SNMP_MAX_MSG_SIZE in snmp_api.h) */
++
++#define SNMP_AGENT_FLAGS_NONE 0x0
++#define SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS 0x1
+
+ /*
+ * If non-zero, causes the addresses of peers to be logged when receptions
+@@ -205,6 +208,7 @@
+ int treecache_num; /* number of current cache entries */
+ netsnmp_cachemap *cache_store;
+ int vbcount;
++ int flags;
+ } netsnmp_agent_session;
+
+ /*
+@@ -240,6 +244,7 @@
+ int init_master_agent(void);
+ void shutdown_master_agent(void);
+ int agent_check_and_process(int block);
++ void netsnmp_check_delegated_requests(void);
+ void netsnmp_check_outstanding_agent_requests(void);
+
+ int netsnmp_request_set_error(netsnmp_request_info *request,