diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-08-04 09:20:07 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-08-04 09:20:35 +0000 |
commit | d62a69d9f27a321395d715b11f8945f6674b1a23 (patch) | |
tree | d49739263faa9caff6a0dc4955a02ebba6bfdb4f /main | |
parent | b9e851546e0145ef7fe5dd38da6f0cc7ed21f2cd (diff) | |
download | aports-d62a69d9f27a321395d715b11f8945f6674b1a23.tar.bz2 aports-d62a69d9f27a321395d715b11f8945f6674b1a23.tar.xz |
main/net-snmp: security fix for CVE-2015-5621
Diffstat (limited to 'main')
-rw-r--r-- | main/net-snmp/APKBUILD | 7 | ||||
-rw-r--r-- | main/net-snmp/CVE-2015-5621.patch | 132 |
2 files changed, 138 insertions, 1 deletions
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD index 6104d86656..9b8e8bbdfc 100644 --- a/main/net-snmp/APKBUILD +++ b/main/net-snmp/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=net-snmp pkgver=5.7.3 -pkgrel=2 +pkgrel=3 pkgdesc="Simple Network Management Protocol" url="http://www.net-snmp.org/" arch="all" @@ -17,6 +17,8 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-agent-libs:alibs source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz netsnmp-swinst-crash.patch fix-includes.patch + CVE-2015-5621.patch + snmpd.initd snmpd.confd snmptrapd.initd @@ -157,6 +159,7 @@ tools() { md5sums="d4a3459e1577d0efa8d96ca70a885e53 net-snmp-5.7.3.tar.gz 4fd189ec7154114c9bd19f2b0058ae9c netsnmp-swinst-crash.patch 0fe11859a55f8e2489d5de629971a242 fix-includes.patch +2267947dd243b4fa85a3cf0c23dbaa76 CVE-2015-5621.patch 15faba29c3a61aaa41e4ca9b04f3cebf snmpd.initd ea1296c366d6a7b0dab8a5b46e02d139 snmpd.confd b929515d53d6f5dbf7f85c92efc90455 snmptrapd.initd @@ -164,6 +167,7 @@ b929515d53d6f5dbf7f85c92efc90455 snmptrapd.initd sha256sums="12ef89613c7707dc96d13335f153c1921efc9d61d3708ef09f3fc4a7014fb4f0 net-snmp-5.7.3.tar.gz 2de23959acf74d8f893129819149d016cc22f2d60e15f875e4d17de33931013e netsnmp-swinst-crash.patch 7528f7d368a0a4536915805c065f8496c37cb99dbc74d508bed89831cd5af37e fix-includes.patch +4cfe532b39877d90836d04079ab7bff14727719e8ca719ead9d615b21cade255 CVE-2015-5621.patch c8597688d848f10f305f883466300e48fa4976b782835a45781ad7e1a8374cd6 snmpd.initd e1434b38611a436278b1f0974a55ea3374863a975405b5dc2da836e9acb082ff snmpd.confd bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e snmptrapd.initd @@ -171,6 +175,7 @@ bad9efc1b131d7a0b5a05dedc589b011908ee9eb24472bffa6c5838d363db11e snmptrapd.init sha512sums="0758bba5844cfd6c80959ac16b83906a2f830ba49fd0ab1bf9e191dc6a79d312a2e4760bd53b3e1a1c82759481f0064d088d5a3cf475d84b25679a6bd0f049bb net-snmp-5.7.3.tar.gz 4ad92f50b14d5e27ba86256cc532a2dd055502f4d5fbb1700434f9f01f881fd09bb1eadb94e727554e1470f036707558314c64a66d0376b54e71ab31d5e4baa3 netsnmp-swinst-crash.patch 87a552bd2e41684bba6e87fbcf6454a85ee912d7a339411fda24cebddf7661f0856729e076a917920a542cf84b687ffd90a091daa15f2c48f0ff64f3a53c0ddb fix-includes.patch +2b2a7be54a570e3c1bb701f8ccfb98ea8e50a19fda021f43a521d4e968ded1bc5e794fc4348dff7fcdf57da34ff6b555398851bbccfcf92bb75ad6f365a80dba CVE-2015-5621.patch b19c039ad45b1802a243b6c2b870aca1f251f8fc22530bbe3c61b037f289891efa692dc1d6bd53148ee35c115367cbb22200af480b7898bfb2cb0a4b0d51cd73 snmpd.initd ad30bb027dbd18272a4ddb34009bdaa19df030f23956c5fa592e47cf76ad87175ae6b97659b8bbd866d79674bbc7b8b3a8a400746139c18de0eb86902706b65f snmpd.confd 17239cdeac6bf8ea47bc1238567f72be9c755591ca386a87e58ee5d3ac074e228b5cdd399618e7434a8c535537d6c6a48c8d66d84380b8944fe00514f090c00d snmptrapd.initd diff --git a/main/net-snmp/CVE-2015-5621.patch b/main/net-snmp/CVE-2015-5621.patch new file mode 100644 index 0000000000..6d30f99ee7 --- /dev/null +++ b/main/net-snmp/CVE-2015-5621.patch @@ -0,0 +1,132 @@ +From 3714c5be3212d2af61545439eeb432e5d84a8d39 Mon Sep 17 00:00:00 2001 +From: Robert Story <rstory@localhost> +Date: Sat, 11 Apr 2015 18:49:02 -0400 +Subject: [PATCH] CHANGES: BUG: #2615: Don't return incompletely parsed + varbinds + +--- + snmplib/snmp_api.c | 55 +++++++++++++++++++++++++++--------------------------- + 1 file changed, 28 insertions(+), 27 deletions(-) + +diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c +index 191debf..adae4e4 100644 +--- a/snmplib/snmp_api.c ++++ b/snmplib/snmp_api.c +@@ -4350,10 +4350,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + u_char type; + u_char msg_type; + u_char *var_val; +- int badtype = 0; + size_t len; + size_t four; +- netsnmp_variable_list *vp = NULL; ++ netsnmp_variable_list *vp = NULL, *vplast = NULL; + oid objid[MAX_OID_LEN]; + u_char *p; + +@@ -4493,38 +4492,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + (ASN_SEQUENCE | ASN_CONSTRUCTOR), + "varbinds"); + if (data == NULL) +- return -1; ++ goto fail; + + /* + * get each varBind sequence + */ + while ((int) *length > 0) { +- netsnmp_variable_list *vptemp; +- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp)); +- if (NULL == vptemp) { +- return -1; +- } +- if (NULL == vp) { +- pdu->variables = vptemp; +- } else { +- vp->next_variable = vptemp; +- } +- vp = vptemp; ++ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list); ++ if (NULL == vp) ++ goto fail; + +- vp->next_variable = NULL; +- vp->val.string = NULL; + vp->name_length = MAX_OID_LEN; +- vp->name = NULL; +- vp->index = 0; +- vp->data = NULL; +- vp->dataFreeHook = NULL; + DEBUGDUMPSECTION("recv", "VarBind"); + data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type, + &vp->val_len, &var_val, length); + if (data == NULL) +- return -1; ++ goto fail; + if (snmp_set_var_objid(vp, objid, vp->name_length)) +- return -1; ++ goto fail; + + len = MAX_PACKET_LENGTH; + DEBUGDUMPHEADER("recv", "Value"); +@@ -4604,7 +4589,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + vp->val.string = (u_char *) malloc(vp->val_len); + } + if (vp->val.string == NULL) { +- return -1; ++ goto fail; + } + p = asn_parse_string(var_val, &len, &vp->type, vp->val.string, + &vp->val_len); +@@ -4619,7 +4604,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + vp->val_len *= sizeof(oid); + vp->val.objid = (oid *) malloc(vp->val_len); + if (vp->val.objid == NULL) { +- return -1; ++ goto fail; + } + memmove(vp->val.objid, objid, vp->val_len); + break; +@@ -4631,7 +4616,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + case ASN_BIT_STR: + vp->val.bitstring = (u_char *) malloc(vp->val_len); + if (vp->val.bitstring == NULL) { +- return -1; ++ goto fail; + } + p = asn_parse_bitstring(var_val, &len, &vp->type, + vp->val.bitstring, &vp->val_len); +@@ -4640,12 +4625,28 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * length) + break; + default: + snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); +- badtype = -1; ++ goto fail; + break; + } + DEBUGINDENTADD(-4); ++ ++ if (NULL == vplast) { ++ pdu->variables = vp; ++ } else { ++ vplast->next_variable = vp; ++ } ++ vplast = vp; ++ vp = NULL; + } +- return badtype; ++ return 0; ++ ++ fail: ++ DEBUGMSGTL(("recv", "error while parsing VarBindList\n")); ++ /** if we were parsing a var, remove it from the pdu and free it */ ++ if (vp) ++ snmp_free_var(vp); ++ ++ return -1; + } + + /* +-- +2.5.0 + |