Hello,
I am running net-snmp 5.7.2 and it looks like there is a double free problem in
snmptrapd, in free_trapd_address() and parse_trapd_address().
I get a SIGABORT on the second SIGHUP (looks like it does a double free on the
first SIGHUP and on the second it crashes).
I have this snmptrapd.conf configuration:
snmpTrapdAddr udp:162,udp6:162
authCommunity log,execute,net public
And this is the back-trace from gdb:
*** glibc detected *** /opt/compass/bin/snmptrapd: free(): invalid next size
(fast): 0x080c17a8 ***
======= Backtrace: =========
/lib/libc.so.6[0xf7204845]
/lib/libc.so.6(cfree+0x9c)[0xf72066ec]
/opt/compass/bin/snmptrapd(free_trapd_address+0x2a)[0x804a6ba]
/usr/lib/libnetsnmp.so.30(free_config+0x32)[0xf74ae4c2]
/opt/compass/bin/snmptrapd[0x804a557]
/opt/compass/bin/snmptrapd[0x804bfa9]
/lib/libc.so.6(__libc_start_main+0xe5)[0xf71b0455]
I have a patch that fixes this issue, here is the diff:
@@ -446,6 +446,7 @@ free_trapd_address(void)
{
if (default_port != ddefault_port) {
free(default_port);
+ default_port = ddefault_port;
}
}
Tell me what you think about this solution..
And anyway, I see that pointers are not set to NULL after free(), so it can
occur on many other places as well..
BR
Michael Schwarcz
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
