When experimenting with snmpd I found the following crash: $ snmpctl snmp walk 127.0.0.1 oid 1 Segmentation fault (core dumped)
The problem is a NULL dereference in ber_free_elements: #0 0x00000370920d24ca in ber_free_elements (root=0x0) at /usr/src/usr.sbin/snmpctl/../snmpd/ber.c:897 #1 0x00000370920d4386 in ber_printf_elements (ber=0x0, fmt=0x370920c79b9 "0}}") at /usr/src/usr.sbin/snmpctl/../snmpd/ber.c:645 #2 0x00000370920dbd0d in snmpc_sendreq (sc=0x7f7ffffbdcf0, type=1) at /usr/src/usr.sbin/snmpctl/snmpclient.c:413 #3 0x00000370920dba93 in snmpc_request (sc=0x7f7ffffbdcf0, type=1) at /usr/src/usr.sbin/snmpctl/snmpclient.c:217 #4 0x00000370920dba38 in snmpc_run (sc=0x7f7ffffbdcf0, action=WALK, oid=0x373171110e0 "1") at /usr/src/usr.sbin/snmpctl/snmpclient.c:207 #5 0x00000370920db891 in snmpclient (res=0x3709211f4e8) at /usr/src/usr.sbin/snmpctl/snmpclient.c:175 #6 0x00000370920dc8b4 in main (argc=5, argv=0x7f7ffffbe1a0) at /usr/src/usr.sbin/snmpctl/snmpctl.c:133 A simple NULL-check fixes the issue, but since I'm new to BER and snmp I'm not sure if this is the right approach or whether there's a logic- fault somewhere else. $ ./snmpctl snmp walk 127.0.0.1 oid 1 snmpctl: request failed: Invalid argument martijn@ Index: ber.c =================================================================== RCS file: /cvs/src/usr.sbin/snmpd/ber.c,v retrieving revision 1.48 diff -u -p -r1.48 ber.c --- ber.c 12 Aug 2018 22:04:09 -0000 1.48 +++ ber.c 1 Nov 2018 10:56:47 -0000 @@ -894,6 +894,8 @@ ber_free_element(struct ber_element *roo void ber_free_elements(struct ber_element *root) { + if (root == NULL) + return; if (root->be_sub && (root->be_encoding == BER_TYPE_SEQUENCE || root->be_encoding == BER_TYPE_SET)) ber_free_elements(root->be_sub);