From: Alexander Dahl <post@lespocky.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH] net-snmp: add security patch from upstream 5.7.2.1
Date: Thu, 19 Jun 2014 13:12:07 +0200 [thread overview]
Message-ID: <1403176327-26146-1-git-send-email-post@lespocky.de> (raw)
Upstream 5.7.2.1 was released fixing one security issue (possible denial
of service with ICMP-MIB on linux). However the tarball is broken, so we
just add this one patch on top of the working 5.7.2 tarball.
Signed-off-by: Alexander Dahl <post@lespocky.de>
---
...m-fenner-fix-ICMP-mib-table-handling-on-l.patch | 148 ++++++++++++++++++++
...0200-net-snmp-config-add-SYSROOT-support.patch} | 2 +-
...e-udp-and-tcp-when-disable-agentx-dom-so.patch} | 6 +-
patches/net-snmp-5.7.2/series | 9 +-
4 files changed, 158 insertions(+), 7 deletions(-)
create mode 100644 patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
rename patches/net-snmp-5.7.2/{0001-net-snmp-config-add-SYSROOT-support.patch => 0200-net-snmp-config-add-SYSROOT-support.patch} (98%)
rename patches/net-snmp-5.7.2/{0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch => 0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch} (90%)
diff --git a/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch b/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
new file mode 100644
index 0000000..b0b2da8
--- /dev/null
+++ b/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
@@ -0,0 +1,148 @@
+From: Wes Hardaker <hardaker@users.sourceforge.net>
+Date: Wed, 19 Feb 2014 15:21:57 -0800
+Subject: [PATCH] bug fix from fenner: fix ICMP mib table handling on linux
+
+---
+ agent/mibgroup/mibII/icmp.c | 25 +++++++++++++++++++++++--
+ agent/mibgroup/mibII/kernel_linux.c | 19 +++++++++++++------
+ agent/mibgroup/mibII/kernel_linux.h | 4 ++--
+ 3 files changed, 38 insertions(+), 10 deletions(-)
+
+diff --git a/agent/mibgroup/mibII/icmp.c b/agent/mibgroup/mibII/icmp.c
+index 14c73a6..6d10426 100644
+--- a/agent/mibgroup/mibII/icmp.c
++++ b/agent/mibgroup/mibII/icmp.c
+@@ -106,10 +106,20 @@ struct icmp_msg_stats_table_entry {
+ int flags;
+ };
+
++#ifdef linux
++/* Linux keeps track of all possible message types */
++#define ICMP_MSG_STATS_IPV4_COUNT 256
++#else
+ #define ICMP_MSG_STATS_IPV4_COUNT 11
++#endif
+
+ #ifdef NETSNMP_ENABLE_IPV6
++#ifdef linux
++/* Linux keeps track of all possible message types */
++#define ICMP_MSG_STATS_IPV6_COUNT 256
++#else
+ #define ICMP_MSG_STATS_IPV6_COUNT 14
++#endif
+ #else
+ #define ICMP_MSG_STATS_IPV6_COUNT 0
+ #endif /* NETSNMP_ENABLE_IPV6 */
+@@ -177,7 +187,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic)
+ inc = 0;
+ linux_read_icmp_msg_stat(&v4icmp, &v4icmpmsg, &flag);
+ if (flag) {
+- while (254 != k) {
++ while (255 >= k) {
+ if (v4icmpmsg.vals[k].InType) {
+ icmp_msg_stats_table[i].ipVer = 1;
+ icmp_msg_stats_table[i].icmpMsgStatsType = k;
+@@ -267,7 +277,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic)
+ inc = 0;
+ linux_read_icmp6_msg_stat(&v6icmp, &v6icmpmsg, &flag);
+ if (flag) {
+- while (254 != k) {
++ while (255 >= k) {
+ if (v6icmpmsg.vals[k].InType) {
+ icmp_msg_stats_table[i].ipVer = 2;
+ icmp_msg_stats_table[i].icmpMsgStatsType = k;
+@@ -1050,6 +1060,12 @@ icmp_stats_table_handler(netsnmp_mib_handler *handler,
+ continue;
+ table_info = netsnmp_extract_table_info(request);
+ subid = table_info->colnum;
++ DEBUGMSGTL(( "mibII/icmpStatsTable", "oid: " ));
++ DEBUGMSGOID(( "mibII/icmpStatsTable", request->requestvb->name,
++ request->requestvb->name_length ));
++ DEBUGMSG(( "mibII/icmpStatsTable", " In %d InErr %d Out %d OutErr %d\n",
++ entry->icmpStatsInMsgs, entry->icmpStatsInErrors,
++ entry->icmpStatsOutMsgs, entry->icmpStatsOutErrors ));
+
+ switch (subid) {
+ case ICMP_STAT_INMSG:
+@@ -1117,6 +1133,11 @@ icmp_msg_stats_table_handler(netsnmp_mib_handler *handler,
+ continue;
+ table_info = netsnmp_extract_table_info(request);
+ subid = table_info->colnum;
++ DEBUGMSGTL(( "mibII/icmpMsgStatsTable", "oid: " ));
++ DEBUGMSGOID(( "mibII/icmpMsgStatsTable", request->requestvb->name,
++ request->requestvb->name_length ));
++ DEBUGMSG(( "mibII/icmpMsgStatsTable", " In %d Out %d Flags 0x%x\n",
++ entry->icmpMsgStatsInPkts, entry->icmpMsgStatsOutPkts, entry->flags ));
+
+ switch (subid) {
+ case ICMP_MSG_STAT_IN_PKTS:
+diff --git a/agent/mibgroup/mibII/kernel_linux.c b/agent/mibgroup/mibII/kernel_linux.c
+index b21a166..ba320c7 100644
+--- a/agent/mibgroup/mibII/kernel_linux.c
++++ b/agent/mibgroup/mibII/kernel_linux.c
+@@ -81,9 +81,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg)
+ index = strtol(token, &delim, 0);
+ if (ERANGE == errno) {
+ continue;
+- } else if (index > LONG_MAX) {
++ } else if (index > 255) {
+ continue;
+- } else if (index < LONG_MIN) {
++ } else if (index < 0) {
+ continue;
+ }
+ if (NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
+@@ -94,9 +94,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg)
+ index = strtol(token, &delim, 0);
+ if (ERANGE == errno) {
+ continue;
+- } else if (index > LONG_MAX) {
++ } else if (index > 255) {
+ continue;
+- } else if (index < LONG_MIN) {
++ } else if (index < 0) {
+ continue;
+ }
+ if(NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
+@@ -426,14 +426,21 @@ linux_read_icmp6_parse(struct icmp6_mib *icmp6stat,
+
+ vals = name;
+ if (NULL != icmp6msgstat) {
++ int type;
+ if (0 == strncmp(name, "Icmp6OutType", 12)) {
+ strsep(&vals, "e");
+- icmp6msgstat->vals[atoi(vals)].OutType = stats;
++ type = atoi(vals);
++ if ( type < 0 || type > 255 )
++ continue;
++ icmp6msgstat->vals[type].OutType = stats;
+ *support = 1;
+ continue;
+ } else if (0 == strncmp(name, "Icmp6InType", 11)) {
+ strsep(&vals, "e");
+- icmp6msgstat->vals[atoi(vals)].InType = stats;
++ type = atoi(vals);
++ if ( type < 0 || type > 255 )
++ continue;
++ icmp6msgstat->vals[type].InType = stats;
+ *support = 1;
+ continue;
+ }
+diff --git a/agent/mibgroup/mibII/kernel_linux.h b/agent/mibgroup/mibII/kernel_linux.h
+index 6bf5d47..c6dfca9 100644
+--- a/agent/mibgroup/mibII/kernel_linux.h
++++ b/agent/mibgroup/mibII/kernel_linux.h
+@@ -121,11 +121,11 @@ struct icmp_msg_mib {
+
+ /* Lets use wrapper structures for future expansion */
+ struct icmp4_msg_mib {
+- struct icmp_msg_mib vals[255];
++ struct icmp_msg_mib vals[256];
+ };
+
+ struct icmp6_msg_mib {
+- struct icmp_msg_mib vals[255];
++ struct icmp_msg_mib vals[256];
+ };
+
+ struct udp_mib {
diff --git a/patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch b/patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
similarity index 98%
rename from patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch
rename to patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
index a1161bb..9c46268 100644
--- a/patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch
+++ b/patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
@@ -12,7 +12,7 @@ Adapted to 5.7.2
Signed-off-by: Alexander Dahl <post@lespocky.de>
---
- net-snmp-config.in | 8 ++++----
+ net-snmp-config.in | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net-snmp-config.in b/net-snmp-config.in
diff --git a/patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch b/patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
similarity index 90%
rename from patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
rename to patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
index cd6605a..fb7be8c 100644
--- a/patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
+++ b/patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
@@ -1,7 +1,7 @@
From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
Date: Tue, 3 Sep 2013 21:12:46 +0200
-Subject: [PATCH] Don't disable udp and tcp when --disable-agentx-dom-sock-only
- is given
+Subject: [PATCH] Don't disable udp and tcp when
+ --disable-agentx-dom-sock-only is given
The configure magic without this patch treats all
@@ -13,7 +13,7 @@ the same; i.e. disables the udp and tcp transports. With this patch only the
first option does have this effect which matches the usual and expected
semantic.
---
- configure.d/config_project_with_enable | 8 +++++---
+ configure.d/config_project_with_enable | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/configure.d/config_project_with_enable b/configure.d/config_project_with_enable
diff --git a/patches/net-snmp-5.7.2/series b/patches/net-snmp-5.7.2/series
index 1596362..f79fdd7 100644
--- a/patches/net-snmp-5.7.2/series
+++ b/patches/net-snmp-5.7.2/series
@@ -1,5 +1,8 @@
# generated by git-ptx-patches
#tag:base --start-number 1
-0001-net-snmp-config-add-SYSROOT-support.patch
-0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
-# 97810382623b86e69e492f3a5712bcf4 - git-ptx-patches magic
+#tag:upstream --start-number 1
+0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
+#tag:ptx --start-number 200
+0200-net-snmp-config-add-SYSROOT-support.patch
+0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
+# eda93cf4517290230962af7514bfd246 - git-ptx-patches magic
--
1.7.10.4
--
ptxdist mailing list
ptxdist@pengutronix.de
next reply other threads:[~2014-06-19 11:12 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-19 11:12 Alexander Dahl [this message]
2014-06-23 13:38 ` Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1403176327-26146-1-git-send-email-post@lespocky.de \
--to=post@lespocky.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox