On Mon, Nov 12, 2018 at 04:51:38PM +0100, Martijn van Duren wrote:
> ping
>
> On 11/1/18 11:57 AM, Martijn van Duren wrote:
> > When experimenting with snmpd I found the following crash:
> > $ snmpctl snmp walk 127.0.0.1 oid 1
> > Segmentation fault (core dumped)
> >
> > The problem is a NULL dereference in ber_free_elements:
> > #0 0x00000370920d24ca in ber_free_elements (root=0x0) at
> > /usr/src/usr.sbin/snmpctl/../snmpd/ber.c:897
> > #1 0x00000370920d4386 in ber_printf_elements (ber=0x0, fmt=0x370920c79b9
> > "0}}") at /usr/src/usr.sbin/snmpctl/../snmpd/ber.c:645
> > #2 0x00000370920dbd0d in snmpc_sendreq (sc=0x7f7ffffbdcf0, type=1) at
> > /usr/src/usr.sbin/snmpctl/snmpclient.c:413
> > #3 0x00000370920dba93 in snmpc_request (sc=0x7f7ffffbdcf0, type=1) at
> > /usr/src/usr.sbin/snmpctl/snmpclient.c:217
> > #4 0x00000370920dba38 in snmpc_run (sc=0x7f7ffffbdcf0, action=WALK,
> > oid=0x373171110e0 "1") at /usr/src/usr.sbin/snmpctl/snmpclient.c:207
> > #5 0x00000370920db891 in snmpclient (res=0x3709211f4e8) at
> > /usr/src/usr.sbin/snmpctl/snmpclient.c:175
> > #6 0x00000370920dc8b4 in main (argc=5, argv=0x7f7ffffbe1a0) at
> > /usr/src/usr.sbin/snmpctl/snmpctl.c:133
> >
> > A simple NULL-check fixes the issue, but since I'm new to BER and snmp
> > I'm not sure if this is the right approach or whether there's a logic-
> > fault somewhere else.
> >
> > $ ./snmpctl snmp walk 127.0.0.1 oid 1
> > snmpctl: request failed: Invalid argument
> >
> > martijn@
> >
> > Index: ber.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/snmpd/ber.c,v
> > retrieving revision 1.48
> > diff -u -p -r1.48 ber.c
> > --- ber.c 12 Aug 2018 22:04:09 -0000 1.48
> > +++ ber.c 1 Nov 2018 10:56:47 -0000
> > @@ -894,6 +894,8 @@ ber_free_element(struct ber_element *roo
> > void
> > ber_free_elements(struct ber_element *root)
> > {
> > + if (root == NULL)
> > + return;
> > if (root->be_sub && (root->be_encoding == BER_TYPE_SEQUENCE ||
> > root->be_encoding == BER_TYPE_SET))
> > ber_free_elements(root->be_sub);
> >
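Review bot: The NULL guard at the top of ber_free_elements() stops the crash, but frame #1 of the backtrace shows ber_printf_elements() was itself entered with ber=0x0 from snmpc_sendreq() (snmpclient.c:413), so the guard handles the symptom at the free site. It is worth checking whether that caller should ever reach this point without an element, or should fail earlier. If NULL is meant to be accepted here the way free(NULL) is, a one-line comment above `if (root == NULL)` saying so would document the contract, and ber_free_element(), named in the hunk header, is worth checking for the same case so the two functions behave consistently.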
OK claudio@
Please sync all ber.c versions to do the same.
PS: ber_free_elements() could be refactored to use ber_free_element() but
that is for another time.
--
:wq Claudio