Core dump with net-snmp-5.8

Tue, 02 Apr 2019 03:43:39 -0700 

Hi,

recently, I have hit to an issue in net-snmp-5.8, that is connected to the bug 
report [1].

When I tried to run agentofdeath test from [1], snmpd daemon will crash with 
malloc(): smallbin double linked list corrupted or double free() issue and 
dumps core (see bellow).
>From log file, I can identified one issue with "Unknown operation".

This issue is in the agentx_got_response function 
(agent/mibgroup/agentx/master.c). There isn't implemented action for 
NETSNMP_CALLBACK_OP_RESEND (defined in include/net-snmp/library/snmp_api.h).
As result "Unknown operation 6 in agentx_got_response" is shown in log file.

/var/log/messages
-------------------------------
Mar 28 06:52:42 localhost snmpd[12073]: Unknown operation 6 in 
agentx_got_response
Mar 28 06:52:43 localhost snmpd[12073]: Unknown operation 6 in 
agentx_got_response
Mar 28 06:52:43 localhost snmpd[12073]: malloc(): smallbin double linked list 
corrupted
Mar 28 06:52:43 localhost systemd[1]: Started Process Core Dump (PID 13652/UID 
0).
Mar 28 06:52:48 localhost systemd[1]: snmpd.service: Main process exited, 
code=dumped, status=6/ABRT
Mar 28 06:52:48 localhost systemd[1]: snmpd.service: Failed with result 
'core-dump'.
-------------------------------

The "Unknown operation" callback is caused by newly added piece of code in 
snmplib/snmp_api.c:

 static int
 snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
 int incr_retries)
 {

...

         tv.tv_sec += tv.tv_usec / 1000000L;
         tv.tv_usec %= 1000000L;
         rp->expireM = tv;
+        if (rp->callback)
+            rp->callback(NETSNMP_CALLBACK_OP_RESEND, sp,
+                         rp->pdu->reqid, rp->pdu, rp->cb_data);
     }
     return 0;
 }


When I tried to remove it, it just stop complaining about operation 6, but the 
core dump is still present.

May I ask you for help with this issue? Do you have any idea, what causing this 
issue in 5.8 and how to fix it? 
I know, that Jan Safranek has fixed this for 5.7 by commit [2], but it looks 
like something other has changed and this issue is current again. 

[1] https://sourceforge.net/p/net-snmp/bugs/2411/
[2] 
https://github.com/net-snmp/net-snmp/commit/793d596838ff7cb48a73b675d62897c56c9e62df

Regards

Josef Ridky
Software Engineer
Core Services Team
Red Hat Czech, s.r.o.



_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to