aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-08-04 09:20:07 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-08-04 09:20:35 +0000
commitd62a69d9f27a321395d715b11f8945f6674b1a23 (patch)
treed49739263faa9caff6a0dc4955a02ebba6bfdb4f /main
parentb9e851546e0145ef7fe5dd38da6f0cc7ed21f2cd (diff)
downloadaports-d62a69d9f27a321395d715b11f8945f6674b1a23.tar.bz2
aports-d62a69d9f27a321395d715b11f8945f6674b1a23.tar.xz
main/net-snmp: security fix for CVE-2015-5621
Diffstat (limited to 'main')
-rw-r--r--main/net-snmp/APKBUILD7
-rw-r--r--main/net-snmp/CVE-2015-5621.patch132
2 files changed, 138 insertions, 1 deletions
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
index 6104d86656..9b8e8bbdfc 100644
--- a/main/net-snmp/APKBUILD
+++ b/main/net-snmp/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=net-snmp
pkgver=5.7.3
-pkgrel=2
+pkgrel=3
pkgdesc="Simple Network Management Protocol"
url="http://www.net-snmp.org/"
arch="all"
@@ -17,6 +17,8 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-agent-libs:alibs
source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
netsnmp-swinst-crash.patch
fix-includes.patch
+ CVE-2015-5621.patch
+
snmpd.initd
snmpd.confd
snmptrapd.initd
@@ -157,6 +159,7 @@ tools() {
md5sums="d4a3459e1577d0efa8d96ca70a885e53 net-snmp-5.7.3.tar.gz
4fd189ec7154114c9bd19f2b0058ae9c netsnmp-swinst-crash.patch
0fe11859a55f8e2489d5de629971a242 fix-includes.patch
+2267947dd243b4fa85a3cf0c23dbaa76 CVE-2015-5621.patch
15faba29c3a61aaa41e4ca9b04f3cebf snmpd.initd
ea1296c366d6a7b0dab8a5b46e02d139 snmpd.confd
b929515d53d6f5dbf7f85c92efc90455 snmptrapd.initd
@@ -164,6 +167,7 @@ b929515d53d6f5dbf7f85c92efc90455 snmptrapd.initd
sha256sums="12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0 net-snmp-5.7.3.tar.gz
2de23959acf74d8f893129819149d016cc22f2d60e15f875e4d17de33931013e netsnmp-swinst-crash.patch
7528f7d368a0a4536915805c065f8496c37cb99dbc74d508bed89831cd5af37e fix-includes.patch
+4cfe532b39877d90836d04079ab7bff14727719e8ca719ead9d615b21cade255 CVE-2015-5621.patch
c8597688d848f10f305f883466300e48fa4976b782835a45781ad7e1a8374cd6 snmpd.initd
e1434b38611a436278b1f0974a55ea3374863a975405b5dc2da836e9acb082ff snmpd.confd
bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e snmptrapd.initd
@@ -171,6 +175,7 @@ bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e snmptrapd.init
sha512sums="0758bba5844cfd6c80959ac16b83906a2f830ba49fd0ab1bf9e191dc6a79d312a2e4760bd53b3e1a1c82759481f0064d088d5a3cf475d84b25679a6bd0f049bb net-snmp-5.7.3.tar.gz
4ad92f50b14d5e27ba86256cc532a2dd055502f4d5fbb1700434f9f01f881fd09bb1eadb94e727554e1470f036707558314c64a66d0376b54e71ab31d5e4baa3 netsnmp-swinst-crash.patch
87a552bd2e41684bba6e87fbcf6454a85ee912d7a339411fda24cebddf7661f0856729e076a917920a542cf84b687ffd90a091daa15f2c48f0ff64f3a53c0ddb fix-includes.patch
+2b2a7be54a570e3c1bb701f8ccfb98ea8e50a19fda021f43a521d4e968ded1bc5e794fc4348dff7fcdf57da34ff6b555398851bbccfcf92bb75ad6f365a80dba CVE-2015-5621.patch
b19c039ad45b1802a243b6c2b870aca1f251f8fc22530bbe3c61b037f289891efa692dc1d6bd53148ee35c115367cbb22200af480b7898bfb2cb0a4b0d51cd73 snmpd.initd
ad30bb027dbd18272a4ddb34009bdaa19df030f23956c5fa592e47cf76ad87175ae6b97659b8bbd866d79674bbc7b8b3a8a400746139c18de0eb86902706b65f snmpd.confd
17239cdeac6bf8ea47bc1238567f72be9c755591ca386a87e58ee5d3ac074e228b5cdd399618e7434a8c535537d6c6a48c8d66d84380b8944fe00514f090c00d snmptrapd.initd
diff --git a/main/net-snmp/CVE-2015-5621.patch b/main/net-snmp/CVE-2015-5621.patch
new file mode 100644
index 0000000000..6d30f99ee7
--- /dev/null
+++ b/main/net-snmp/CVE-2015-5621.patch
@@ -0,0 +1,132 @@
+From 3714c5be3212d2af61545439eeb432e5d84a8d39 Mon Sep 17 00:00:00 2001
+From: Robert Story <rstory@localhost>
+Date: Sat, 11 Apr 2015 18:49:02 -0400
+Subject: [PATCH] CHANGES: BUG: #2615: Don't return incompletely parsed
+ varbinds
+
+---
+ snmplib/snmp_api.c | 55 +++++++++++++++++++++++++++---------------------------
+ 1 file changed, 28 insertions(+), 27 deletions(-)
+
+diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c
+index 191debf..adae4e4 100644
+--- a/snmplib/snmp_api.c
++++ b/snmplib/snmp_api.c
+@@ -4350,10 +4350,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ u_char type;
+ u_char msg_type;
+ u_char *var_val;
+- int badtype = 0;
+ size_t len;
+ size_t four;
+- netsnmp_variable_list *vp = NULL;
++ netsnmp_variable_list *vp = NULL, *vplast = NULL;
+ oid objid[MAX_OID_LEN];
+ u_char *p;
+
+@@ -4493,38 +4492,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ (ASN_SEQUENCE | ASN_CONSTRUCTOR),
+ "varbinds");
+ if (data == NULL)
+- return -1;
++ goto fail;
+
+ /*
+ * get each varBind sequence
+ */
+ while ((int) *length > 0) {
+- netsnmp_variable_list *vptemp;
+- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp));
+- if (NULL == vptemp) {
+- return -1;
+- }
+- if (NULL == vp) {
+- pdu->variables = vptemp;
+- } else {
+- vp->next_variable = vptemp;
+- }
+- vp = vptemp;
++ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list);
++ if (NULL == vp)
++ goto fail;
+
+- vp->next_variable = NULL;
+- vp->val.string = NULL;
+ vp->name_length = MAX_OID_LEN;
+- vp->name = NULL;
+- vp->index = 0;
+- vp->data = NULL;
+- vp->dataFreeHook = NULL;
+ DEBUGDUMPSECTION("recv", "VarBind");
+ data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type,
+ &vp->val_len, &var_val, length);
+ if (data == NULL)
+- return -1;
++ goto fail;
+ if (snmp_set_var_objid(vp, objid, vp->name_length))
+- return -1;
++ goto fail;
+
+ len = MAX_PACKET_LENGTH;
+ DEBUGDUMPHEADER("recv", "Value");
+@@ -4604,7 +4589,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ vp->val.string = (u_char *) malloc(vp->val_len);
+ }
+ if (vp->val.string == NULL) {
+- return -1;
++ goto fail;
+ }
+ p = asn_parse_string(var_val, &len, &vp->type, vp->val.string,
+ &vp->val_len);
+@@ -4619,7 +4604,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ vp->val_len *= sizeof(oid);
+ vp->val.objid = (oid *) malloc(vp->val_len);
+ if (vp->val.objid == NULL) {
+- return -1;
++ goto fail;
+ }
+ memmove(vp->val.objid, objid, vp->val_len);
+ break;
+@@ -4631,7 +4616,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ case ASN_BIT_STR:
+ vp->val.bitstring = (u_char *) malloc(vp->val_len);
+ if (vp->val.bitstring == NULL) {
+- return -1;
++ goto fail;
+ }
+ p = asn_parse_bitstring(var_val, &len, &vp->type,
+ vp->val.bitstring, &vp->val_len);
+@@ -4640,12 +4625,28 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length)
+ break;
+ default:
+ snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type);
+- badtype = -1;
++ goto fail;
+ break;
+ }
+ DEBUGINDENTADD(-4);
++
++ if (NULL == vplast) {
++ pdu->variables = vp;
++ } else {
++ vplast->next_variable = vp;
++ }
++ vplast = vp;
++ vp = NULL;
+ }
+- return badtype;
++ return 0;
++
++ fail:
++ DEBUGMSGTL(("recv", "error while parsing VarBindList\n"));
++ /** if we were parsing a var, remove it from the pdu and free it */
++ if (vp)
++ snmp_free_var(vp);
++
++ return -1;
+ }
+
+ /*
+--
+2.5.0
+