Dear All,

I'm trying to use the net-snmp package, version 5.1.1. At first, I thought the package does NOT support SETable abilities for RFC1213-MIB::ipRouteTable, because every time I try to use the snmpset tool, the result is always "Timeout: No Response from ..."

[EMAIL PROTECTED] anhduy]$ snmpset -c private -v 2c 10.32.0.138 RFC1213-MIB::ipRouteIfIndex.10.32.0.0 i 1
Timeout: No Response from 10.32.0.138

Hence, I debugged to find the problem. Everything went smoothly until I reached the function route_write.c : write_rte().

int
write_rte(int action,
          u_char * var_val,
          u_char var_val_type,
          size_t var_val_len, u_char * statP, oid * name, size_t length)

Corresponding to the above command, this function is called many times with almost the same argument values, except for the argument "action", which increases iteratively from 0 (RESERVE1 phase) to 3 (COMMIT phase) - where I had the snmpd crash. I walked through the code and found that this is caused by:

} else if (action == COMMIT) {
    rp->rt_ifix = rp->xx_ifix; // This statement has a BUG ???
}

At this time, the variable rp->xx_ifix = 2^32-1, and after the assignment statement, I got a crash:

Breakpoint 1, write_rte (action="" var_val=0x8157c70 "\001", var_val_type=2 '\002', var_val_len=4,
statP=0x80df44c "\002", name=0x0, length=14) at /home/net-snmp/agent/mibgroup/mibII/route_write.c:417
417 if (action == RESERVE1) {
(gdb) n
432 } else if (action == COMMIT) {
(gdb) list
427 return SNMP_ERR_WRONGVALUE;
428 }
429
430 rp->xx_ifix = val;
431
432 } else if (action == COMMIT) {
433 rp->rt_ifix = rp->xx_ifix;
434 }
435 break;
436
(gdb) p var_val
$2 = (u_char *) 0x8157c70 "\001"
(gdb) p val
$3 = 544
(gdb) p *var_val
$4 = 1 '\001'
(gdb) p rp->xx_ifix
$5 = 4294967295
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
write_rte (action="" var_val=0x8157c70 "\001", var_val_type=2 '\002', var_val_len=4, statP=0x80df44c "\002",
name=0x0, length=14) at /home/net-snmp/agent/mibgroup/mibII/route_write.c:433
433 rp->rt_ifix = rp->xx_ifix;
(gdb)
Continuing.
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Has anyone seen this problem before and could tell me the root cause?

Many thanks,
-Duy
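
Added example, not part of the original message and not net-snmp code: a self-contained C model of the multi-pass SET sequence described above (action 0 = RESERVE1 through 3 = COMMIT), in which the handler stages the value during RESERVE1 and refuses to commit through a missing row or an unstaged value. The struct, the function names, the ERR_ and TYPE_ constant names and the 0xFFFFFFFF sentinel are assumptions of the example; it models the pattern only and does not identify the cause of the crash reported here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Example's own names. Pass order as in the message: 0 = RESERVE1 ... 3 = COMMIT. */
enum { RESERVE1, RESERVE2, ACTION, COMMIT, FREE, UNDO };
enum { ERR_NOERROR = 0, ERR_GENERR = 5, ERR_WRONGTYPE = 7,
       ERR_WRONGLENGTH = 8, ERR_WRONGVALUE = 10, ERR_COMMITFAILED = 14 };
#define TYPE_INTEGER 2            /* matches var_val_type=2 in the trace */
#define IFIX_UNSET 0xFFFFFFFFu    /* constructed sentinel: nothing staged */
struct route_row {                /* hypothetical stand-in for the route entry */
    uint32_t rt_ifix;             /* live interface index */
    uint32_t xx_ifix;             /* value staged before COMMIT */
};

/* One pass of the SET; rp may be NULL if no row was resolved for the OID. */
int set_ifindex(struct route_row *rp, int action, const unsigned char *val,
                unsigned char type, size_t len, int32_t n_ifaces)
{
    int32_t v;
    if (rp == NULL) return ERR_GENERR;   /* never dereference a missing row */
    switch (action) {
    case RESERVE1:
        rp->xx_ifix = IFIX_UNSET; /* discard anything left from an earlier SET */
        if (type != TYPE_INTEGER) return ERR_WRONGTYPE;
        if (val == NULL || len != sizeof v) return ERR_WRONGLENGTH;
        memcpy(&v, val, sizeof v);
        if (v < 1 || v > n_ifaces) return ERR_WRONGVALUE;
        rp->xx_ifix = (uint32_t)v;
        return ERR_NOERROR;
    case COMMIT:                  /* apply only a value that passed RESERVE1 */
        if (rp->xx_ifix == IFIX_UNSET) return ERR_COMMITFAILED;
        rp->rt_ifix = rp->xx_ifix;
        return ERR_NOERROR;
    case FREE: case UNDO: rp->xx_ifix = IFIX_UNSET;
    }
    return ERR_NOERROR;           /* RESERVE2 and ACTION do nothing here */
}

/* Simplified driver: run the passes in order, release staging on failure. */
int run_set(struct route_row *rp, const unsigned char *val,
            unsigned char type, size_t len, int32_t n_ifaces)
{
    int rc = ERR_NOERROR;
    for (int a = RESERVE1; a <= COMMIT && rc == ERR_NOERROR; a++)
        rc = set_ifindex(rp, a, val, type, len, n_ifaces);
    if (rc != ERR_NOERROR) set_ifindex(rp, FREE, val, type, len, n_ifaces);
    return rc;
}
```

In this model a failed pass returns an SNMP error status to the manager, so the sender gets an error response where a crashed agent would leave it waiting until the timeout.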