Bug#323038: marked as done (snmpd segfaults in IP-MIB during snmpwalk)

Sat, 10 Sep 2005 11:19:07 -0700 

Your message dated Sat, 10 Sep 2005 11:07:18 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323038: fixed in net-snmp 5.2.1.2-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Aug 2005 11:14:07 +0000
>From [EMAIL PROTECTED] Sun Aug 14 04:14:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from sardaukar.technologeek.org [62.4.21.150] (postfix)
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1E4GRK-0006UZ-00; Sun, 14 Aug 2005 04:14:06 -0700
Received: by sardaukar.technologeek.org (Postfix, from userid 1000)
        id D909739900; Sun, 14 Aug 2005 13:14:04 +0200 (CEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
From: Julien BLACHE <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: snmpd segfaults in IP-MIB during snmpwalk
X-Mailer: reportbug 3.15
Date: Sun, 14 Aug 2005 13:14:04 +0200
Message-Id: <[EMAIL PROTECTED]>
Content-Transfer-Encoding: quoted-printable
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: snmpd
Version: 5.2.1.2-2
Severity: serious
Justification: renders software unusable; possible DoS

Hi,

% snmpwalk [...] 10.0.1.2
[...]
IP-MIB::ip.34.1.11.1.4.127.0.0.1 =3D INTEGER: 2
IP-MIB::ip.34.1.11.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1 =3D INTEGER: 2
IP-MIB::ip.34.1.11.2.16.32.1.7.168.24.94.0.1.0.0.0.0.0.0.0.16 =3D INTEGER=
: 2
IP-MIB::ip.34.1.11.2.16.254.128.0.0.0.0.0.0.2.0.180.255.254.185.115.222 =3D=
 INTEGER: 2
IP-MIB::ip.34.1.11.2.16.254.128.0.0.0.0.0.0.2.5.93.255.254.162.102.34 =3D=
 INTEGER: 2
IP-MIB::ip.35.1.4.1.4.4.10.10.10.1 =3D Hex-STRING: 00 10 A7 11 F9 3F=20

Timeout: No Response from 10.0.1.2

Happens on all my machines, not architecture-specific.


*** glibc detected *** free(): invalid pointer: 0x0000000000649dd8 ***

Program received signal SIGABRT, Aborted.
0x00002aaaab772dd0 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00002aaaab772dd0 in raise () from /lib/libc.so.6
#1  0x00002aaaab774280 in abort () from /lib/libc.so.6
#2  0x00002aaaab7a853e in __fsetlocking () from /lib/libc.so.6
#3  0x00002aaaab7ae29b in malloc_usable_size () from /lib/libc.so.6
#4  0x00002aaaab7ae57e in free () from /lib/libc.so.6
#5  0x00002aaaab1e7d16 in snmp_free_var (var=3D0x6764a0) at snmp_api.c:48=
61
#6  0x00002aaaab1e7dc7 in snmp_free_varbind (var=3D0x6764a0) at snmp_api.=
c:4881
#7  0x00002aaaab1e7e31 in snmp_free_pdu (pdu=3D0x65ac90) at snmp_api.c:49=
21
#8  0x00002aaaab1e7ba7 in _sess_async_send (sessp=3D0x62aa60, pdu=3D0x65a=
c90, callback=3D0, cb_data=3D0x0) at snmp_api.c:4815
#9  0x00002aaaab1e7c0b in snmp_sess_async_send (sessp=3D0x62aa60, pdu=3D0=
x65ac90, callback=3D0, cb_data=3D0x0) at snmp_api.c:4833
#10 0x00002aaaab1e70ab in snmp_async_send (session=3D0x65a520, pdu=3D0x65=
ac90, callback=3D0, cb_data=3D0x0) at snmp_api.c:4565
#11 0x00002aaaab1e7046 in snmp_send (session=3D0x65a520, pdu=3D0x65ac90) =
at snmp_api.c:4551
#12 0x00002aaaaae4be4c in netsnmp_wrap_up_request (asp=3D0x677350, status=
=3D0) at snmp_agent.c:1627
#13 0x00002aaaaae4f08d in netsnmp_handle_request (asp=3D0x677350, status=3D=
0) at snmp_agent.c:2996
#14 0x00002aaaaae4c48d in handle_snmp_packet (op=3D1, session=3D0x65a520,=
 reqid=3D20857002, pdu=3D0x65aa70, magic=3D0x0) at snmp_agent.c:1792
#15 0x00002aaaab1e89f2 in _sess_process_packet (sessp=3D0x62aa60, sp=3D0x=
65a520, isp=3D0x65a9a0, transport=3D0x658970, opaque=3D0x657f90, olength=3D=
16,=20
    packetptr=3D0x65dee0 "[EMAIL PROTECTED]>@=AA=
\002\001", length=3D66) at snmp_api.c:5213
#16 0x00002aaaab1e9fef in _sess_read (sessp=3D0x62aa60, fdset=3D0x7fffffc=
df940) at snmp_api.c:5610
#17 0x00002aaaab1ea040 in snmp_sess_read (sessp=3D0x62aa60, fdset=3D0x7ff=
fffcdf940) at snmp_api.c:5629
#18 0x00002aaaab1e8b90 in snmp_read (fdset=3D0x7fffffcdf940) at snmp_api.=
c:5265
#19 0x00000000004050a8 in receive () at snmpd.c:1149
#20 0x0000000000404615 in main (argc=3D7, argv=3D0x7fffffce0ca8) at snmpd=
.c:993


Looks like the IP-MIB code is at fault here, again. You may need to have =
IPv6
enabled on your system to reproduce the segfault. This one is so deeply b=
uried
into snmpd that I'm not going to debug it. Spent my sunday morning fixing=
 the
64bit-specific segfault (321713), that'll be enough for today.

Please forward to upstream ASAP.

JB.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=3DC, [EMAIL PROTECTED] (charmap=3DISO-8859-15)

Versions of packages snmpd depends on:
ii  libc6                         2.3.5-3    GNU C Library: Shared librar=
ies an
ii  libsensors3                   1:2.9.1-5  library to read temperature/=
voltag
ii  libsnmp5                      5.2.1.2-2  NET SNMP (Simple Network Man=
agemen
ii  libwrap0                      7.6.dbs-8  Wietse Venema's TCP wrappers=
 libra

snmpd recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 323038-close) by bugs.debian.org; 10 Sep 2005 18:08:03 +0000
>From [EMAIL PROTECTED] Sat Sep 10 11:08:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from joerg by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EE9l0-0007iF-00; Sat, 10 Sep 2005 11:07:18 -0700
From: Jochen Friedrich <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: lisa $Revision: 1.30 $
Subject: Bug#323038: fixed in net-snmp 5.2.1.2-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Joerg Jaspert <[EMAIL PROTECTED]>
Date: Sat, 10 Sep 2005 11:07:18 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3

Source: net-snmp
Source-Version: 5.2.1.2-3

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.2.1.2-3_all.deb
  to pool/main/n/net-snmp/libsnmp-base_5.2.1.2-3_all.deb
libsnmp-perl_5.2.1.2-3_alpha.deb
  to pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-3_alpha.deb
libsnmp9-dev_5.2.1.2-3_alpha.deb
  to pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-3_alpha.deb
libsnmp9_5.2.1.2-3_alpha.deb
  to pool/main/n/net-snmp/libsnmp9_5.2.1.2-3_alpha.deb
net-snmp_5.2.1.2-3.diff.gz
  to pool/main/n/net-snmp/net-snmp_5.2.1.2-3.diff.gz
net-snmp_5.2.1.2-3.dsc
  to pool/main/n/net-snmp/net-snmp_5.2.1.2-3.dsc
snmp_5.2.1.2-3_alpha.deb
  to pool/main/n/net-snmp/snmp_5.2.1.2-3_alpha.deb
snmpd_5.2.1.2-3_alpha.deb
  to pool/main/n/net-snmp/snmpd_5.2.1.2-3_alpha.deb
tkmib_5.2.1.2-3_all.deb
  to pool/main/n/net-snmp/tkmib_5.2.1.2-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <[EMAIL PROTECTED]> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  5 Sep 2005 21:19:30 +0200
Source: net-snmp
Binary: libsnmp9 tkmib snmp libsnmp-perl libsnmp-base libsnmp9-dev snmpd
Architecture: source all alpha
Version: 5.2.1.2-3
Distribution: unstable
Urgency: low
Maintainer: Jochen Friedrich <[EMAIL PROTECTED]>
Changed-By: Jochen Friedrich <[EMAIL PROTECTED]>
Description: 
 libsnmp-base - NET SNMP (Simple Network Management Protocol) MIBs and Docs
 libsnmp-perl - NET SNMP (Simple Network Management Protocol) Perl5 Support
 libsnmp9   - NET SNMP (Simple Network Management Protocol) Library
 libsnmp9-dev - NET SNMP (Simple Network Management Protocol) Development Files
 snmp       - NET SNMP (Simple Network Management Protocol) Apps
 snmpd      - NET SNMP (Simple Network Management Protocol) Agents
 tkmib      - NET SNMP (Simple Network Management Protocol) MIB Browser
Closes: 321713 322500 323038
Changes: 
 net-snmp (5.2.1.2-3) unstable; urgency=low
 .
   * Apply official library-version-update-5.2.1.2.patch to clean up the
     version mess (Closes: #322500)
   * Replace error_snmp6.patch by upstream systemstats-snmp6.patch
   * Added upstream inetNetToMedia-01.patch (Closes: #323038)
   * Added ipaddress_linux.c-in_len-out_len-type.patch from
     Julien BLACHE <[EMAIL PROTECTED]> (Closes: #321713)
Files: 
 6f8b63e28804ab1ee7c6fe250ed46a87 1081 net optional net-snmp_5.2.1.2-3.dsc
 a29ac8ce04d96c2a364e36c2ebb99fdc 69892 net optional net-snmp_5.2.1.2-3.diff.gz
 56116c5ed0ad7273195b4423a6a1b885 1150454 libs optional 
libsnmp-base_5.2.1.2-3_all.deb
 6d86c1d6e785d1cc5ae9b4b56d90e078 821564 net optional tkmib_5.2.1.2-3_all.deb
 53062a257d33849e110e860ec87180ca 796188 net optional snmpd_5.2.1.2-3_alpha.deb
 8bc993626edb6610a6660e25ab432ba6 891208 net optional snmp_5.2.1.2-3_alpha.deb
 0fb5cf852fceaccd9adbf7d5a5f6a096 1833686 libs optional 
libsnmp9_5.2.1.2-3_alpha.deb
 3e8bb4e23658cbdc48be34cf384e5773 2100518 libdevel optional 
libsnmp9-dev_5.2.1.2-3_alpha.deb
 7e0a05b485c7d6dbb73e889df12c6667 897322 perl optional 
libsnmp-perl_5.2.1.2-3_alpha.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQEVAwUBQyG1h6vvnjGP/dScAQKrAAgAqA6ADs8H+9uM+eri2zkdAZioqVeIKiB9
EK4M0Ej04EoVtVB1ERG8sqN8mF0Hz8ZcuU2pvD4z/ve3pqtzNUg9GGQ8X3SkS/Cz
dE/sTzGKug7yPrEAScMwhdk+WCh/fCtnrLlUHclKhHOBH/9GD9V/VwGHpYs4le2E
BJCEkQ+4bFojxAHCy7/NEsZVY2g4qCTohBvs4hgvEF9YfIPqOPcTgf4jIqsFf6Sv
Tg903ABgGgp1xN9MW3npKMobMxs/c0TBp9khzspSObsxELLbQJHm4XUCjmbMdvcf
OWuenEyF5z5UDXvrOfE8uN+N0VPNWdMKJNI0u50UInl0NDgE6Kr01Q==
=wcCd
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to