** Description changed:
+ [Impact]
+
+ When the user requests a bulkget operation using the snmpv3 protocol,
+ and this operation errors out, snmpd will experience a double free error
+ and will abort. This will obviously be very annoying to the user,
+ because from the client side it is not possible to determine why the
+ server suddenly stopped responding.
+
+ Upstream has fixed this problem already, albeit it took several patches
+ to get everything right. The fix involved redesigning how a specific
+ struct is manipulated internally, including the addition of a refcount
+ mechanism.
+
+ [Test Case]
+
+ To reproduce the issue, one can do:
+
+ $ lxc launch ubuntu-daily:focal net-snmp-bug1877027-focal
+ $ lxc shell net-snmp-bug1877027-focal
+ # apt update
+ # apt install -y snmpd snmp
+ # systemctl stop snmpd.service
+ # cat >> /var/lib/snmp/snmpd.conf << __EOF__
+ createUser testuser SHA "testpass" AES "testpass"
+ __EOF__
+ # cat >> /etc/snmp/snmpd.conf << __EOF__
+ rwuser testuser
+ __EOF__
+ # systemct start snmpd.service
+ # snmpbulkget -v3 -Cn1 -Cr1472 -l authPriv -u testuser -a SHA -A testpass -x
AES -X testpass 127.0.0.1 1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7
+
+ You can check that snmpd crashed by doing:
+
+ # systemctl status snmpd.service
+
+ [Regression Potential]
+
+ Due to the fact that several patches needed to be backported to fix this
+ issue, and that parts of the code had to be redesign in order to
+ guarantee that nothing is being freed twice, there exists the
+ possibility of encountering a regression when dealing with snmpv3,
+ because most of the code that was touched was there to deal with
+ security states of the protocol.
+
+ I took a non-trivial amount of time to review the patches and make sure
+ that they are as contained as possible, and I am satisfied with the
+ approach taken by upstream.
+
+ [Other Info]
+
+ It is interesting to note that when the bug is fixed, the "snmpbulkget"
+ command will fail with:
+
+ Error in packet.
+ Reason: (genError) A general failure occured
+
+ This is expected, and upstream also shows this error.
+
+ [Original Description]
+
Logs:
Apr 30 19:39:11 snmpd[1895]: Cannot adopt OID in UCD-SNMP-MIB: laIndex
::= { laEntry 1 }
Apr 30 19:39:11 snmpd[1895]: /etc/snmp/snmpd.conf: line 157: Warning:
Unknown token: defaultMonitors.
Apr 30 19:39:11 snmpd[1895]: /etc/snmp/snmpd.conf: line 160: Warning:
Unknown token: linkUpDownNotifications.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 34: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 35: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 36: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 37:
Warning: Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 38: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 39: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: /var/lib/snmp/snmpd.conf: line 40: Warning:
Unknown token: _mteTTable.
Apr 30 19:39:11 snmpd[1895]: Error opening specified endpoint "udp:161"
Apr 30 19:39:11 snmpd[1895]: Server Exiting with code 1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
