diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-04 13:53:24 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-03-04 13:53:24 +0000 |
commit | e760d56c82e3b69f4ee2bc3f3790a63f01cdae49 (patch) | |
tree | 2206378f0fb931209990e20ef10bb4efe8dca6a6 | |
parent | 4fba92816c0e71757a88cc344de763867564d734 (diff) | |
download | aports-e760d56c82e3b69f4ee2bc3f3790a63f01cdae49.tar.bz2 aports-e760d56c82e3b69f4ee2bc3f3790a63f01cdae49.tar.xz |
main/net-snmp: security fix CVE-2012-6151. Fixes #2659
-rw-r--r-- | main/net-snmp/APKBUILD | 22 | ||||
-rw-r--r-- | main/net-snmp/CVE-2012-6151.patch | 190 |
2 files changed, 210 insertions, 2 deletions
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD index 6e2d7bfc19..4a92e932a1 100644 --- a/main/net-snmp/APKBUILD +++ b/main/net-snmp/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=net-snmp pkgver=5.7.1 -pkgrel=3 +pkgrel=4 pkgdesc="Simple Network Management Protocol" url="http://www.net-snmp.org/" arch="all" @@ -19,6 +19,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz snmpd.confd snmptrapd.initd snmptrapd.confd + CVE-2012-6151.patch " _builddir="$srcdir/$pkgname-$pkgver" @@ -155,4 +156,21 @@ bd7dc10ffb5839e35ec37effcc53c2ad netsnmp-swinst-crash.patch 198a4a7b80557fa8112394df5ec9914e snmpd.initd 96510a2f3bc9f21648b03f7e8d76c0d3 snmpd.confd 7ce3e9e880fc6313ae87eb000bae4bda snmptrapd.initd -363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd" +363f7728a76bdfc46e29b7e1f5cf4950 snmptrapd.confd +16c10a6412b5c8bf69c1d086c8e7365e CVE-2012-6151.patch" +sha256sums="7c71c9650c65b715356547e20ca2dbe6313944278af8cc19c32a5337f46b181f net-snmp-5.7.1.tar.gz +28448ebc7821d7f79bef0741b687ac40aa6419bc319578b92ed910157bd3a417 netsnmp-arp-netlink-fix.patch +377e54bc2b66590c1c5174bf2e2c820adcbecd703d67c68be13c325d04d7d0c4 netsnmp-swinst-crash.patch +2fa0a1ecd5f64827592bf55f0416cb61c6eec114aadd3e9d20aa92ce71c3a09f snmpd.initd +4a8eb647d8b8f25b03858e3815489eaf2cd8fd4932185f97a1d896f8ee2f85e8 snmpd.confd +4baf3ee9950ded78078d93c32833ff657d7e85580d64778cdc9a963cf24bc7ab snmptrapd.initd +095647b0e5be51e2bdd398267d7450da678b7d23cae6273f9b9461a26f89d69f snmptrapd.confd +010b4eeac6b436876890c283ac29385e63684fcd07d44eda93a635a945c63293 CVE-2012-6151.patch" +sha512sums="1e20181ab6c7c6062e0dd2f9b55f27bceb151b83e3174aa86e358e55be99792ef01251edc1401cde1192494599b17f65d390f7286b3571a733c32b12fac46993 net-snmp-5.7.1.tar.gz +c30845a2d9da624bd851cdb1b0534ed21f85a7956c43f9f99f79132d05619dec77e3b71ead942cc90f1418598a9656143cdba56c010318b21a05c8e5af3c28a2 netsnmp-arp-netlink-fix.patch +78c036f1e6b4e3592cb2a6ff9b22671c930e337e9644298a9f78b6f13af1d9241d9c15dcc996b441b51cb2d551bf2dfe5caf602ff1e17baf7b6532f3dc6ba5bd netsnmp-swinst-crash.patch +ad66fef217ad9884114e9006c20074288656cf79fae19b59941545bbb551adfaaf4ec54cd0802e096a715d35c49a7c94cd4369302f847b8ba2892bd9fb62848c snmpd.initd +3030ad11dd556569e481f108af69aef620b1fe67be8d8d12016f4aed1f0ffdb6c2ee87c40ed5bc883986568227e097cb7aa958658e01da51576848715bf65472 snmpd.confd +e9b29b89d27e88420932ea6ca077a6c807ae5555436cad4d840ec732b5851a498661d0d174f22d308f403904b623d7eadf9d201a539529ff57ced18bc8c58b6f snmptrapd.initd +9cafeece565ca09c2cc85fa9c805d9932a745aca45b999e7511ccd0ffe0a95eddc1441ed231acf52a811db124bc2f797612ebb182b0a8a959ad24506e790a0b1 snmptrapd.confd +f39cad8bb4ed38cfa1e53f58f09e8a83ce8c3272ef8a522422a4f7b759a56c81a4ae31f1ead8da9b800509ea3e9d48892612f27ddcbd2f3853d5f7535b00b0f1 CVE-2012-6151.patch" diff --git a/main/net-snmp/CVE-2012-6151.patch b/main/net-snmp/CVE-2012-6151.patch new file mode 100644 index 0000000000..03a10182ae --- /dev/null +++ b/main/net-snmp/CVE-2012-6151.patch @@ -0,0 +1,190 @@ +--- a/agent/mibgroup/agentx/master_admin.c ++++ b/agent/mibgroup/agentx/master_admin.c +@@ -158,6 +158,7 @@ + for (sp = session->subsession; sp != NULL; sp = sp->next) { + + if (sp->sessid == sessid) { ++ netsnmp_remove_delegated_requests_for_session(sp); + unregister_mibs_by_session(sp); + unregister_index_by_session(sp); + unregister_sysORTable_by_session(sp); +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -1415,6 +1415,7 @@ + asp->treecache_num = -1; + asp->treecache_len = 0; + asp->reqinfo = SNMP_MALLOC_TYPEDEF(netsnmp_agent_request_info); ++ asp->flags = SNMP_AGENT_FLAGS_NONE; + DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p created\n", + asp, asp->reqinfo)); + +@@ -1463,6 +1464,9 @@ + + if (NULL == asp->treecache) + return 0; ++ ++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) ++ return 0; + + for (i = 0; i <= asp->treecache_num; i++) { + for (request = asp->treecache[i].requests_begin; request; +@@ -1541,39 +1545,48 @@ + netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess) + { + netsnmp_agent_session *asp; +- int count = 0; ++ int total_count = 0; + + for (asp = agent_delegated_list; asp; asp = asp->next) { + /* + * check each request + */ ++ int i; ++ int count = 0; + netsnmp_request_info *request; +- for(request = asp->requests; request; request = request->next) { +- /* +- * check session +- */ +- netsnmp_assert(NULL!=request->subtree); +- if(request->subtree->session != sess) +- continue; +- +- /* +- * matched! mark request as done +- */ +- netsnmp_request_set_error(request, SNMP_ERR_GENERR); +- ++count; ++ for (i = 0; i <= asp->treecache_num; i++) { ++ for (request = asp->treecache[i].requests_begin; request; ++ request = request->next) { ++ /* ++ * check session ++ */ ++ netsnmp_assert(NULL!=request->subtree); ++ if(request->subtree->session != sess) ++ continue; ++ ++ /* ++ * matched! mark request as done ++ */ ++ netsnmp_request_set_error(request, SNMP_ERR_GENERR); ++ ++count; ++ } ++ } ++ if (count) { ++ asp->flags |= SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS; ++ total_count += count; + } + } + + /* + * if we found any, that request may be finished now + */ +- if(count) { ++ if(total_count) { + DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session " +- "%8p\n", count, sess)); +- netsnmp_check_outstanding_agent_requests(); ++ "%8p\n", total_count, sess)); ++ netsnmp_check_delegated_requests(); + } + +- return count; ++ return total_count; + } + + int +@@ -2745,19 +2758,11 @@ + return final_status; + } + +-/* +- * loop through our sessions known delegated sessions and check to see +- * if they've completed yet. If there are no more delegated sessions, +- * check for and process any queued requests +- */ + void +-netsnmp_check_outstanding_agent_requests(void) ++netsnmp_check_delegated_requests(void) + { + netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL; + +- /* +- * deal with delegated requests +- */ + for (asp = agent_delegated_list; asp; asp = next_asp) { + next_asp = asp->next; /* save in case we clean up asp */ + if (!netsnmp_check_for_delegated(asp)) { +@@ -2796,6 +2801,22 @@ + prev_asp = asp; + } + } ++} ++ ++/* ++ * loop through our sessions known delegated sessions and check to see ++ * if they've completed yet. If there are no more delegated sessions, ++ * check for and process any queued requests ++ */ ++void ++netsnmp_check_outstanding_agent_requests(void) ++{ ++ netsnmp_agent_session *asp; ++ ++ /* ++ * deal with delegated requests ++ */ ++ netsnmp_check_delegated_requests(); + + /* + * if we are processing a set and there are more delegated +@@ -2825,7 +2846,8 @@ + + netsnmp_processing_set = netsnmp_agent_queued_list; + DEBUGMSGTL(("snmp_agent", "SET request remains queued while " +- "delegated requests finish, asp = %8p\n", asp)); ++ "delegated requests finish, asp = %8p\n", ++ agent_delegated_list)); + break; + } + #endif /* NETSNMP_NO_WRITE_SUPPORT */ +@@ -2886,6 +2908,10 @@ + case SNMP_MSG_GETBULK: + case SNMP_MSG_GETNEXT: + netsnmp_check_all_requests_status(asp, 0); ++ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) { ++ DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp)); ++ break; ++ } + handle_getnext_loop(asp); + if (netsnmp_check_for_delegated(asp) && + netsnmp_check_transaction_id(asp->pdu->transid) != +--- a/include/net-snmp/agent/snmp_agent.h ++++ b/include/net-snmp/agent/snmp_agent.h +@@ -31,6 +31,9 @@ + + #define SNMP_MAX_PDU_SIZE 64000 /* local constraint on PDU size sent by agent + * (see also SNMP_MAX_MSG_SIZE in snmp_api.h) */ ++ ++#define SNMP_AGENT_FLAGS_NONE 0x0 ++#define SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS 0x1 + + /* + * If non-zero, causes the addresses of peers to be logged when receptions +@@ -205,6 +208,7 @@ + int treecache_num; /* number of current cache entries */ + netsnmp_cachemap *cache_store; + int vbcount; ++ int flags; + } netsnmp_agent_session; + + /* +@@ -240,6 +244,7 @@ + int init_master_agent(void); + void shutdown_master_agent(void); + int agent_check_and_process(int block); ++ void netsnmp_check_delegated_requests(void); + void netsnmp_check_outstanding_agent_requests(void); + + int netsnmp_request_set_error(netsnmp_request_info *request, |