Bug#444986: snmpd: argument parsing causes segfaults

2007-10-23 Thread Sebastian Dröge 
Hi,
is there any progress on this? The patch looks simple enough and
although this is reported for the Ubuntu version of this package also
affects the Debian version (the only Ubuntu changes affect the init
scripts btw).

Bye




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#444986: snmpd: argument parsing causes segfaults

2007-10-23 Thread Sebastian Dröge 
Am Dienstag, den 23.10.2007, 10:56 +0200 schrieb Sebastian Dröge:
 Hi,
 is there any progress on this? The patch looks simple enough and
 although this is reported for the Ubuntu version of this package also
 affects the Debian version (the only Ubuntu changes affect the init
 scripts btw).

Also there are more instances of
optarg = argv[++optind];

These could of course cause even more segfaults then if optind+1 
argc...




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#444986: snmpd: argument parsing causes segfaults

2007-10-02 Thread Mark A. Hershberger 
Package: snmpd
Version: 5.3.1-6ubuntu1
Severity: serious

$ sudo snmpd -LS
Segmentation fault
$ sudo snmpd -LE
Segmentation fault
$ sudo snmpd -LO
Segmentation fault

But argument parsing for the -LS option is messed up further:
$ sudo snmpd -LSwd
invalid syslog facility: S

Attached patch fixes the problem.

-- System Information:
Debian Release: lenny/sid
  APT prefers gutsy-updates
  APT policy: (500, 'gutsy-updates'), (500, 'gutsy-security'), (500, 
'gutsy-backports'), (500, 'gutsy')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-12-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages snmpd depends on:
ii  adduser3.103ubuntu1  Add and remove users and groups
ii  debconf1.5.14Debian configuration management sy
ii  libc6  2.6.1-1ubuntu8GNU C Library: Shared libraries
ii  libsensors31:2.10.4-1ubuntu1 library to read temperature/voltag
ii  libsnmp10  5.3.1-6ubuntu1NET SNMP (Simple Network Managemen
ii  libwrap0   7.6.dbs-14Wietse Venema's TCP wrappers libra

snmpd recommends no packages.
diff -ub net-snmp-5.4.1\~dfsg/snmplib/snmp_logging.c\~ net-snmp-5.4.1\~dfsg/snmplib/snmp_logging.c
--- net-snmp-5.4.1~dfsg/snmplib/snmp_logging.c~	2007-10-01 19:41:28.0 -0400
+++ net-snmp-5.4.1~dfsg/snmplib/snmp_logging.c	2007-10-01 22:48:14.0 -0400
@@ -179,6 +179,8 @@
 {
 int pri_low = LOG_DEBUG;
 
+if (optarg == NULL)
+return -1;
 
 switch (*optarg) {
 case '0':
@@ -386,7 +388,7 @@
 case 'S':
 priority = decode_priority( optarg, pri_max );
 if (priority == -1 || !argv)  return -1;
-optarg = argv[++optind];
+optarg++;
 /* Fallthrough */
 case 's':
 if (inc_optind)

Diff finished.  Tue Oct  2 08:59:29 2007