I'm still not able to recreate this bug (#2943) where we
double free cb_data at the bottom of agentx_master_handler()
(with the netsnmp_free_delegated_cache()).

Just from looking at the code logic, it seems like we allocate
the netsnmp_delegated_cache structure only if the master
sent a CleanupSet PDU. In the case I'm looking at, I can
see the master has already disconnected the subagent:

bgpd[5180]: snmp[info]: AgentX master disconnected us, reconnecting in 15
ip[8042]: *** Error in `/usr/sbin/snmpd': double free or corruption (fasttop): 0x0000000001d15420 ***
zebra[21794]: snmp[info]: AgentX master disconnected us, reconnecting in 15

So when this happens, the master attempts to close_agentx_session().
My best guess (without being able to recreate this) is that this structure
is freed here first. Is it possible to somehow protect the session
(and all subsessions) from being freed if the master is in the process
of allocating netsnmp_delegated_cache?

Can we set something like AGENTX_MSG_CLEANUPSET if we have
disconnected (or timed out) any/all subagents?  This is just to prevent the
double free that happens at the end of agentx_master_handler().

Thanks,
Sam
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders