Your message dated Sun, 13 Oct 2019 10:00:23 +0000 with message-id <e1ijafn-000i3y...@fasolo.debian.org> and subject line Bug#754955: fixed in net-snmp 5.8+dfsg-1 has caused the Debian Bug report #754955, regarding libsnmp-dev: File descriptors larger than FD_SETSIZE crash the init_snmp() function to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
754955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754955
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libsnmp-dev
Version: 5.7.2.1~dfsg-5
Severity: important
Tags: patch

Dear Maintainer,

I was debugging a sub agent running on a thread started by a larger application. If the process used up more file descriptors than FD_SETSIZE before starting the thread which was running the sub agent, the sub agent crashed on the init_snmp() function. This should not be a problem since versions over NetSNMP 5.5 can and should use netsnmp_large_fd_set struct to deal with large file descriptors.

Debugging the issue I've found that the functions used to manipulate the large file descriptor sets ( netsnmp_large_fd_setfd(), netsnmp_large_fd_clr(), netsnmp_large_fd_is_set(), netsnmp_large_fd_set_resize() ) use the macros FD_SET, FD_CLR, FD_ISSET. These macros should be size independent, however in newer versions of libc library they have an inbuilt buffer overflow protection which tests against the FD_SETSIZE, when manipulating a file descriptor from the set.

Also the functions snmp_synch_response_cb() and snmp_sess_synch_response() still use the standard fd_set struct, which causes an infinite loop if the response is expected on a file descriptor larger than FD_SETSIZE. This is already fixed in upstream PATCH 3394386, I've just used the fix.

Attached a suggested patch.

-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-30-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsnmp-dev depends on:
ii  libc6-dev        2.19-0ubuntu6
ii  libsensors4-dev  1:3.3.4-2ubuntu1
ii  libsnmp30        5.7.2.1~dfsg-5
ii  libssl-dev       1.0.1f-1ubuntu2.4
ii  libwrap0-dev     7.6.q-25
ii  procps           1:3.3.9-1ubuntu2

libsnmp-dev recommends no packages.
libsnmp-dev suggests no packages.commit 530958fd97c34ebb213f4fb82746af126b00eb14 Author: Petr Zajicek <petr.zaji...@nangu.tv> Date: Tue Jul 15 15:20:21 2014 +0200 Bug 36980: Improved netsnmp_large_fd_set struct support in sub agents. Changes to be committed: modified: snmplib/large_fd_set.c modified: snmplib/snmp_client.c diff --git a/snmplib/large_fd_set.c b/snmplib/large_fd_set.c index 32f57b3..ffe37f8 100644 --- a/snmplib/large_fd_set.c +++ b/snmplib/large_fd_set.c @@ -79,6 +79,10 @@ netsnmp_large_fd_is_set(SOCKET fd, netsnmp_large_fd_set * fdset) #else +const unsigned int number_of_bits = (8 * (int) sizeof (__fd_mask)); +inline unsigned int pos_in_array( int fd ) { return fd / number_of_bits; } +inline __fd_mask get_mask_for_fd( int fd ) { return (__fd_mask) ( 1UL << (fd % number_of_bits) ); } + void netsnmp_large_fd_setfd(int fd, netsnmp_large_fd_set * fdset) { @@ -87,7 +91,7 @@ netsnmp_large_fd_setfd(int fd, netsnmp_large_fd_set * fdset) while (fd >= (int)fdset->lfs_setsize) netsnmp_large_fd_set_resize(fdset, 2 * (fdset->lfs_setsize + 1)); - FD_SET(fd, fdset->lfs_setptr); + ((__fd_mask*)(fdset->lfs_setptr))[ pos_in_array( fd ) ] |= get_mask_for_fd( fd ); } void @@ -96,7 +100,9 @@ netsnmp_large_fd_clr(int fd, netsnmp_large_fd_set * fdset) netsnmp_assert(fd >= 0); if ((unsigned)fd < fdset->lfs_setsize) - FD_CLR(fd, fdset->lfs_setptr); + { + ((__fd_mask*)(fdset->lfs_setptr))[ pos_in_array( fd ) ] &= ~get_mask_for_fd( fd ); + } } int @@ -104,7 +110,10 @@ netsnmp_large_fd_is_set(int fd, netsnmp_large_fd_set * fdset) { netsnmp_assert(fd >= 0); - return (unsigned)fd < fdset->lfs_setsize && FD_ISSET(fd, fdset->lfs_setptr); + if( (unsigned)fd > fdset->lfs_setsize ) + return 0; + + return ((__fd_mask*)(fdset->lfs_setptr))[ pos_in_array( fd ) ] & get_mask_for_fd( fd ); } #endif 
@@ -182,7 +191,7 @@ netsnmp_large_fd_set_resize(netsnmp_large_fd_set * fdset, int setsize) * resized *fdset but that were not defined in the original *fdset. */ for (i = fdset->lfs_setsize; i < setsize; i++) - FD_CLR(i, fdset->lfs_setptr); + ((__fd_mask*)(fdset->lfs_setptr))[ pos_in_array( i ) ] &= ~get_mask_for_fd( i ); } #endif diff --git a/snmplib/snmp_client.c b/snmplib/snmp_client.c index c1aa9c4..998776f 100644 --- a/snmplib/snmp_client.c +++ b/snmplib/snmp_client.c @@ -97,6 +97,7 @@ SOFTWARE. #include <net-snmp/library/mib.h> #include <net-snmp/library/snmp_logging.h> #include <net-snmp/library/snmp_assert.h> +#include <net-snmp/library/large_fd_set.h> #include <net-snmp/pdu_api.h> netsnmp_feature_child_of(snmp_client_all, libnetsnmp) @@ -110,17 +111,6 @@ netsnmp_feature_child_of(row_create, snmp_client_all) #define BSD4_2 #endif -#ifndef FD_SET - -typedef long fd_mask; -#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask */ - -#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) -#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) -#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) -#define FD_ZERO(p) memset((p), 0, sizeof(*(p))) -#endif - /* * Prototype definitions */ @@ -1029,13 +1019,13 @@ snmp_synch_response_cb(netsnmp_session * ss, netsnmp_pdu *pdu, netsnmp_pdu **response, snmp_callback pcb) { - struct synch_state lstate, *state; - snmp_callback cbsav; - void *cbmagsav; - int numfds, count; - fd_set fdset; - struct timeval timeout, *tvp; - int block; + struct synch_state lstate, *state; + snmp_callback cbsav; + void *cbmagsav; + int numfds, count; + netsnmp_large_fd_set fdset; + struct timeval timeout, *tvp; + int block; memset((void *) &lstate, 0, sizeof(lstate)); state = &lstate; 
@@ -1043,6 +1033,7 @@ snmp_synch_response_cb(netsnmp_session * ss, cbmagsav = ss->callback_magic; ss->callback = pcb; ss->callback_magic = (void *) state; + netsnmp_large_fd_set_init(&fdset, FD_SETSIZE); if ((state->reqid = snmp_send(ss, pdu)) == 0) { snmp_free_pdu(pdu); @@ -1052,17 +1043,17 @@ snmp_synch_response_cb(netsnmp_session * ss, while (state->waiting) { numfds = 0; - FD_ZERO(&fdset); + NETSNMP_LARGE_FD_ZERO(&fdset); block = NETSNMP_SNMPBLOCK; tvp = &timeout; timerclear(tvp); - snmp_sess_select_info_flags(0, &numfds, &fdset, tvp, &block, + snmp_sess_select_info2_flags(0, &numfds, &fdset, tvp, &block, NETSNMP_SELECT_NOALARMS); if (block == 1) tvp = NULL; /* block without timeout */ - count = select(numfds, &fdset, NULL, NULL, tvp); + count = netsnmp_large_fd_set_select(numfds, &fdset, NULL, NULL, tvp); if (count > 0) { - snmp_read(&fdset); + snmp_read2(&fdset); } else { switch (count) { case 0: @@ -1101,6 +1092,7 @@ snmp_synch_response_cb(netsnmp_session * ss, *response = state->pdu; ss->callback = cbsav; ss->callback_magic = cbmagsav; + netsnmp_large_fd_set_cleanup(&fdset); return state->status; } @@ -1115,14 +1107,14 @@ int snmp_sess_synch_response(void *sessp, netsnmp_pdu *pdu, netsnmp_pdu **response) { - netsnmp_session *ss; - struct synch_state lstate, *state; - snmp_callback cbsav; - void *cbmagsav; - int numfds, count; - fd_set fdset; - struct timeval timeout, *tvp; - int block; + netsnmp_session *ss; + struct synch_state lstate, *state; + snmp_callback cbsav; + void *cbmagsav; + int numfds, count; + netsnmp_large_fd_set fdset; + struct timeval timeout, *tvp; + int block; ss = snmp_sess_session(sessp); if (ss == NULL) { @@ -1135,6 +1127,7 @@ snmp_sess_synch_response(void *sessp, cbmagsav = ss->callback_magic; ss->callback = snmp_synch_input; ss->callback_magic = (void *) state; + netsnmp_large_fd_set_init(&fdset, FD_SETSIZE); if ((state->reqid = snmp_sess_send(sessp, pdu)) == 0) { snmp_free_pdu(pdu); 
@@ -1144,17 +1137,17 @@ snmp_sess_synch_response(void *sessp, while (state->waiting) { numfds = 0; - FD_ZERO(&fdset); + NETSNMP_LARGE_FD_ZERO(&fdset); block = NETSNMP_SNMPBLOCK; tvp = &timeout; timerclear(tvp); - snmp_sess_select_info_flags(sessp, &numfds, &fdset, tvp, &block, + snmp_sess_select_info2_flags(sessp, &numfds, &fdset, tvp, &block, NETSNMP_SELECT_NOALARMS); if (block == 1) tvp = NULL; /* block without timeout */ - count = select(numfds, &fdset, NULL, NULL, tvp); + count = netsnmp_large_fd_set_select(numfds, &fdset, NULL, NULL, tvp); if (count > 0) { - snmp_sess_read(sessp, &fdset); + snmp_sess_read2(sessp, &fdset); } else switch (count) { case 0: @@ -1185,6 +1178,7 @@ snmp_sess_synch_response(void *sessp, *response = state->pdu; ss->callback = cbsav; ss->callback_magic = cbmagsav; + netsnmp_large_fd_set_cleanup(&fdset); return state->status; }
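Review bot: In snmplib/large_fd_set.c, hunk @@ -79,6 +79,10, the new helpers pos_in_array() and get_mask_for_fd() are declared `inline` without `static`, and number_of_bits is a non-static file-scope `const`. Under C99 inline semantics a plain `inline` definition provides no external definition, so a build in which the calls are not inlined can fail at link time, and all three generic names land in the library's global namespace. Suggest `static inline` for both functions and `static const` for the constant. The helpers also rely on `__fd_mask`, an implementation-reserved identifier; please check that every C library this #else branch is built against actually defines it.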
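Review bot: In the netsnmp_large_fd_is_set() hunk (@@ -104,7 +110,10) the new bounds test `if( (unsigned)fd > fdset->lfs_setsize )` is off by one compared with the line it replaces, which required `(unsigned)fd < fdset->lfs_setsize`. With fd equal to lfs_setsize the function now falls through and reads the bit just past the end of the set, which may lie outside the allocated words when lfs_setsize is a multiple of the word size. Use `>=` here, consistent with the `<` test kept in netsnmp_large_fd_clr() in the hunk above.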
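Review bot: The declaration blocks of snmp_synch_response_cb() and snmp_sess_synch_response() in snmplib/snmp_client.c (hunks @@ -1029,13 +1019,13 and @@ -1115,14 +1107,14) re-indent every local variable although the only functional change is `fd_set fdset;` becoming `netsnmp_large_fd_set fdset;`. Please drop the whitespace-only changes so each hunk shows the single line that matters and the patch stays easy to compare against the upstream fix it is taken from.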
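Review bot: netsnmp_large_fd_set_cleanup(&fdset) is added only in front of the final `return state->status;` (hunks @@ -1101,6 +1092,7 and @@ -1185,6 +1178,7), while netsnmp_large_fd_set_init(&fdset, FD_SETSIZE) runs before the request is sent. The visible context does not show the bodies of the `switch (count)` cases inside the wait loop; if any of them leaves the function directly, whatever the set holds after init or a later resize is not released on that path. Please confirm that every exit after the init call passes through the cleanup call, or funnel them through one exit point.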
--- End Message ---
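
The crash described in the report above comes from indexing a descriptor bitmap with a number at or above FD_SETSIZE through macros that enforce that limit. As an added illustration (not code from the bug report, the attached patch or net-snmp; `struct big_fdset` and its functions are hypothetical names), this C example keeps the bitmap on the heap, grows it on demand, and rejects out-of-range descriptors with an explicit `>=` check:

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>            /* only for the FD_SETSIZE constant */

#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
#define WORDS_FOR(n) (((n) + WORD_BITS - 1) / WORD_BITS)

/* Hypothetical type for this example, not net-snmp's netsnmp_large_fd_set. */
struct big_fdset { size_t nbits; unsigned long *words; };

/* Grow the bitmap so descriptors 0..nbits-1 fit; new words start zeroed. */
static int big_fdset_resize(struct big_fdset *s, size_t nbits)
{
    size_t old_w = WORDS_FOR(s->nbits), new_w = WORDS_FOR(nbits);
    unsigned long *p;
    if (new_w > old_w) {
        if ((p = realloc(s->words, new_w * sizeof(*p))) == NULL)
            return -1;
        memset(p + old_w, 0, (new_w - old_w) * sizeof(*p));
        s->words = p;
    }
    if (nbits > s->nbits) s->nbits = nbits;
    return 0;
}

/* Set the bit for fd, resizing first so the write is always in bounds. */
static int big_fdset_set(struct big_fdset *s, int fd)
{
    if (fd < 0 || ((size_t)fd >= s->nbits && big_fdset_resize(s, 2 * ((size_t)fd + 1)) != 0))
        return -1;
    s->words[fd / WORD_BITS] |= 1UL << (fd % WORD_BITS);
    return 0;
}

/* Test the bit for fd; fd == nbits is already out of range, hence >=. */
static int big_fdset_isset(const struct big_fdset *s, int fd)
{
    if (fd < 0 || (size_t)fd >= s->nbits)
        return 0;
    return (int)((s->words[fd / WORD_BITS] >> (fd % WORD_BITS)) & 1UL);
}

/* Returns 1 if a descriptor number above FD_SETSIZE round-trips correctly. */
static int demo_high_fd(void)
{
    struct big_fdset s = { 0, NULL };
    int fd = FD_SETSIZE + 500;     /* constructed value beyond a plain fd_set */
    int ok = big_fdset_set(&s, fd) == 0 && big_fdset_isset(&s, fd)
          && !big_fdset_isset(&s, fd - 1) && !big_fdset_isset(&s, (int)s.nbits);
    free(s.words);
    return ok;
}

int main(void) { printf("high fd handled: %d\n", demo_high_fd()); return 0; }
```
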
--- Begin Message ---
Source: net-snmp
Source-Version: 5.8+dfsg-1

We believe that the bug you reported is fixed in the latest version of net-snmp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 754...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csm...@debian.org> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Thu, 10 Oct 2019 22:37:15 +1100
Source: net-snmp
Binary: libsnmp-base libsnmp-dev libsnmp-perl libsnmp-perl-dbgsym libsnmp35 libsnmp35-dbg snmp snmp-dbgsym snmpd snmpd-dbgsym snmptrapd snmptrapd-dbgsym tkmib
Architecture: source all amd64
Version: 5.8+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-de...@lists.alioth.debian.org>
Changed-By: Craig Small <csm...@debian.org>
Description:
 libsnmp-base - SNMP configuration script, MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp35 - SNMP (Simple Network Management Protocol) library
 libsnmp35-dbg - SNMP (Simple Network Management Protocol) library debug
 snmp - SNMP (Simple Network Management Protocol) applications
 snmpd - SNMP (Simple Network Management Protocol) agents
 snmptrapd - Net-SNMP notification receiver
 tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 528103 684721 754955 792623 823201 898399 917444 932775 937131
Changes:
 net-snmp (5.8+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
     - snmplib: handle large amount of file descriptors Closes: #754955
     - BUG: 2815 Display UTF-8 characters again Closes: #898399
   * Update to Debian standards 4.3.0
   * Update debhelper to compat 12
   * snmpd/snmptrapd: Log only warning and above. Closes: #792623
   * snmpd/snmptrapd: Systemd unit logs to stdout
   * Build depend on non-versions libsensors Closes: #917444
   * Library soname updated to 35
   * snmpd: Change pidfile mode to 0644 Closes: #528103
   * Remove python modules Closes: #937131
   * Respect defaults for sysvinit Closes: #932775
   * Added snmpping.1 manpage
   * Reduce logging for subcontainer Closes: #684721
   * Do not enable DISMAN events Closes: #823201
   * Update to standards 4.4.1
--- End Message ---