Package: net-snmp Followup-For: Bug #1138373 X-Debbugs-Cc: [email protected] Control: tags -1 patch ftbfs
Dear Maintainer, The patch fixes the FTBFS with openssl 4. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Description: Fix for OpenSSL4 compatibilty Use ASN1_STRING_get0_data() and ASN1_STRING_length() accessors instead of directly accessing ->data and ->length fields. Author: Ravi Kant Sharma <[email protected]> Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154921 Bug-Debian: https://bugs.debian.org/1138373 Forwarded: no Last-Update: 2026-06-04 --- a/snmplib/snmp_openssl.c +++ b/snmplib/snmp_openssl.c @@ -234,6 +234,7 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) { int i, onid; + int oname_value_type; X509_NAME_ENTRY *oname_entry; ASN1_STRING *oname_value; X509_NAME *osubj_name; @@ -252,8 +253,9 @@ oname_entry = X509_NAME_get_entry(osubj_name, i); netsnmp_assert(NULL != oname_entry); oname_value = X509_NAME_ENTRY_get_data(oname_entry); + oname_value_type = ASN1_STRING_type(oname_value); - if (oname_value->type != V_ASN1_PRINTABLESTRING) + if (oname_value_type != V_ASN1_PRINTABLESTRING) continue; /** get NID */ @@ -268,7 +270,7 @@ DEBUGMSGT(("9:cert:dump:names", "[%02d] NID type %d, ASN type %d\n", i, onid, - oname_value->type)); + oname_value_type)); DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, prefix_short, ASN1_STRING_get0_data(oname_value))); } @@ -434,19 +436,21 @@ break; case GEN_IPADD: - if (oname->d.iPAddress->length == 4) { - sprintf(ipbuf, "%d.%d.%d.%d", oname->d.iPAddress->data[0], - oname->d.iPAddress->data[1], - oname->d.iPAddress->data[2], - oname->d.iPAddress->data[3]); + int iplen = ASN1_STRING_length(oname->d.iPAddress); + const unsigned char *ipdata = ASN1_STRING_get0_data(oname->d.iPAddress); + if (iplen == 4) { + sprintf(ipbuf, "%d.%d.%d.%d", ipdata[0], + ipdata[1], + ipdata[2], + ipdata[3]); rtn = strdup(ipbuf); } - else if ((oname->d.iPAddress->length == 16) || - (oname->d.iPAddress->length == 20)) { + else if ((iplen == 16) || + (iplen == 20)) { char *pos = ipbuf; int j; - for(j = 0; j < oname->d.iPAddress->length; ++j) { - *pos++ = VAL2HEX(oname->d.iPAddress->data[j]); + for(j = 0; j < iplen; ++j) { + *pos++ = VAL2HEX(ipdata[j]); *pos++ = ':'; } *pos = '\0'; @@ -454,7 +458,7 @@ } else NETSNMP_LOGONCE((LOG_WARNING, "unexpected ip addr length %d\n", - oname->d.iPAddress->length)); + iplen)); break; default:
