From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH] net-snmp: add security patch from upstream 5.7.2.1
Date: Mon, 23 Jun 2014 15:38:12 +0200 [thread overview]
Message-ID: <20140623133812.GI16937@pengutronix.de> (raw)
In-Reply-To: <1403176327-26146-1-git-send-email-post@lespocky.de>
On Thu, Jun 19, 2014 at 01:12:07PM +0200, Alexander Dahl wrote:
> Upstream 5.7.2.1 was released fixing one security issue (possible denial
> of service with ICMP-MIB on linux). However the tarball is broken, so we
> just add this one patch on top of the working 5.7.2 tarball.
Thanks, applied.
Michael
>
> Signed-off-by: Alexander Dahl <post@lespocky.de>
> ---
> ...m-fenner-fix-ICMP-mib-table-handling-on-l.patch | 148 ++++++++++++++++++++
> ...0200-net-snmp-config-add-SYSROOT-support.patch} | 2 +-
> ...e-udp-and-tcp-when-disable-agentx-dom-so.patch} | 6 +-
> patches/net-snmp-5.7.2/series | 9 +-
> 4 files changed, 158 insertions(+), 7 deletions(-)
> create mode 100644 patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
> rename patches/net-snmp-5.7.2/{0001-net-snmp-config-add-SYSROOT-support.patch => 0200-net-snmp-config-add-SYSROOT-support.patch} (98%)
> rename patches/net-snmp-5.7.2/{0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch => 0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch} (90%)
>
> diff --git a/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch b/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
> new file mode 100644
> index 0000000..b0b2da8
> --- /dev/null
> +++ b/patches/net-snmp-5.7.2/0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
> @@ -0,0 +1,148 @@
> +From: Wes Hardaker <hardaker@users.sourceforge.net>
> +Date: Wed, 19 Feb 2014 15:21:57 -0800
> +Subject: [PATCH] bug fix from fenner: fix ICMP mib table handling on linux
> +
> +---
> + agent/mibgroup/mibII/icmp.c | 25 +++++++++++++++++++++++--
> + agent/mibgroup/mibII/kernel_linux.c | 19 +++++++++++++------
> + agent/mibgroup/mibII/kernel_linux.h | 4 ++--
> + 3 files changed, 38 insertions(+), 10 deletions(-)
> +
> +diff --git a/agent/mibgroup/mibII/icmp.c b/agent/mibgroup/mibII/icmp.c
> +index 14c73a6..6d10426 100644
> +--- a/agent/mibgroup/mibII/icmp.c
> ++++ b/agent/mibgroup/mibII/icmp.c
> +@@ -106,10 +106,20 @@ struct icmp_msg_stats_table_entry {
> + int flags;
> + };
> +
> ++#ifdef linux
> ++/* Linux keeps track of all possible message types */
> ++#define ICMP_MSG_STATS_IPV4_COUNT 256
> ++#else
> + #define ICMP_MSG_STATS_IPV4_COUNT 11
> ++#endif
> +
> + #ifdef NETSNMP_ENABLE_IPV6
> ++#ifdef linux
> ++/* Linux keeps track of all possible message types */
> ++#define ICMP_MSG_STATS_IPV6_COUNT 256
> ++#else
> + #define ICMP_MSG_STATS_IPV6_COUNT 14
> ++#endif
> + #else
> + #define ICMP_MSG_STATS_IPV6_COUNT 0
> + #endif /* NETSNMP_ENABLE_IPV6 */
> +@@ -177,7 +187,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic)
> + inc = 0;
> + linux_read_icmp_msg_stat(&v4icmp, &v4icmpmsg, &flag);
> + if (flag) {
> +- while (254 != k) {
> ++ while (255 >= k) {
> + if (v4icmpmsg.vals[k].InType) {
> + icmp_msg_stats_table[i].ipVer = 1;
> + icmp_msg_stats_table[i].icmpMsgStatsType = k;
> +@@ -267,7 +277,7 @@ icmp_msg_stats_load(netsnmp_cache *cache, void *vmagic)
> + inc = 0;
> + linux_read_icmp6_msg_stat(&v6icmp, &v6icmpmsg, &flag);
> + if (flag) {
> +- while (254 != k) {
> ++ while (255 >= k) {
> + if (v6icmpmsg.vals[k].InType) {
> + icmp_msg_stats_table[i].ipVer = 2;
> + icmp_msg_stats_table[i].icmpMsgStatsType = k;
> +@@ -1050,6 +1060,12 @@ icmp_stats_table_handler(netsnmp_mib_handler *handler,
> + continue;
> + table_info = netsnmp_extract_table_info(request);
> + subid = table_info->colnum;
> ++ DEBUGMSGTL(( "mibII/icmpStatsTable", "oid: " ));
> ++ DEBUGMSGOID(( "mibII/icmpStatsTable", request->requestvb->name,
> ++ request->requestvb->name_length ));
> ++ DEBUGMSG(( "mibII/icmpStatsTable", " In %d InErr %d Out %d OutErr %d\n",
> ++ entry->icmpStatsInMsgs, entry->icmpStatsInErrors,
> ++ entry->icmpStatsOutMsgs, entry->icmpStatsOutErrors ));
> +
> + switch (subid) {
> + case ICMP_STAT_INMSG:
> +@@ -1117,6 +1133,11 @@ icmp_msg_stats_table_handler(netsnmp_mib_handler *handler,
> + continue;
> + table_info = netsnmp_extract_table_info(request);
> + subid = table_info->colnum;
> ++ DEBUGMSGTL(( "mibII/icmpMsgStatsTable", "oid: " ));
> ++ DEBUGMSGOID(( "mibII/icmpMsgStatsTable", request->requestvb->name,
> ++ request->requestvb->name_length ));
> ++ DEBUGMSG(( "mibII/icmpMsgStatsTable", " In %d Out %d Flags 0x%x\n",
> ++ entry->icmpMsgStatsInPkts, entry->icmpMsgStatsOutPkts, entry->flags ));
> +
> + switch (subid) {
> + case ICMP_MSG_STAT_IN_PKTS:
> +diff --git a/agent/mibgroup/mibII/kernel_linux.c b/agent/mibgroup/mibII/kernel_linux.c
> +index b21a166..ba320c7 100644
> +--- a/agent/mibgroup/mibII/kernel_linux.c
> ++++ b/agent/mibgroup/mibII/kernel_linux.c
> +@@ -81,9 +81,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg)
> + index = strtol(token, &delim, 0);
> + if (ERANGE == errno) {
> + continue;
> +- } else if (index > LONG_MAX) {
> ++ } else if (index > 255) {
> + continue;
> +- } else if (index < LONG_MIN) {
> ++ } else if (index < 0) {
> + continue;
> + }
> + if (NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
> +@@ -94,9 +94,9 @@ decode_icmp_msg(char *line, char *data, struct icmp4_msg_mib *msg)
> + index = strtol(token, &delim, 0);
> + if (ERANGE == errno) {
> + continue;
> +- } else if (index > LONG_MAX) {
> ++ } else if (index > 255) {
> + continue;
> +- } else if (index < LONG_MIN) {
> ++ } else if (index < 0) {
> + continue;
> + }
> + if(NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
> +@@ -426,14 +426,21 @@ linux_read_icmp6_parse(struct icmp6_mib *icmp6stat,
> +
> + vals = name;
> + if (NULL != icmp6msgstat) {
> ++ int type;
> + if (0 == strncmp(name, "Icmp6OutType", 12)) {
> + strsep(&vals, "e");
> +- icmp6msgstat->vals[atoi(vals)].OutType = stats;
> ++ type = atoi(vals);
> ++ if ( type < 0 || type > 255 )
> ++ continue;
> ++ icmp6msgstat->vals[type].OutType = stats;
> + *support = 1;
> + continue;
> + } else if (0 == strncmp(name, "Icmp6InType", 11)) {
> + strsep(&vals, "e");
> +- icmp6msgstat->vals[atoi(vals)].InType = stats;
> ++ type = atoi(vals);
> ++ if ( type < 0 || type > 255 )
> ++ continue;
> ++ icmp6msgstat->vals[type].InType = stats;
> + *support = 1;
> + continue;
> + }
> +diff --git a/agent/mibgroup/mibII/kernel_linux.h b/agent/mibgroup/mibII/kernel_linux.h
> +index 6bf5d47..c6dfca9 100644
> +--- a/agent/mibgroup/mibII/kernel_linux.h
> ++++ b/agent/mibgroup/mibII/kernel_linux.h
> +@@ -121,11 +121,11 @@ struct icmp_msg_mib {
> +
> + /* Lets use wrapper structures for future expansion */
> + struct icmp4_msg_mib {
> +- struct icmp_msg_mib vals[255];
> ++ struct icmp_msg_mib vals[256];
> + };
> +
> + struct icmp6_msg_mib {
> +- struct icmp_msg_mib vals[255];
> ++ struct icmp_msg_mib vals[256];
> + };
> +
> + struct udp_mib {
> diff --git a/patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch b/patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
> similarity index 98%
> rename from patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch
> rename to patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
> index a1161bb..9c46268 100644
> --- a/patches/net-snmp-5.7.2/0001-net-snmp-config-add-SYSROOT-support.patch
> +++ b/patches/net-snmp-5.7.2/0200-net-snmp-config-add-SYSROOT-support.patch
> @@ -12,7 +12,7 @@ Adapted to 5.7.2
>
> Signed-off-by: Alexander Dahl <post@lespocky.de>
> ---
> - net-snmp-config.in | 8 ++++----
> + net-snmp-config.in | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net-snmp-config.in b/net-snmp-config.in
> diff --git a/patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch b/patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> similarity index 90%
> rename from patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> rename to patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> index cd6605a..fb7be8c 100644
> --- a/patches/net-snmp-5.7.2/0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> +++ b/patches/net-snmp-5.7.2/0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> @@ -1,7 +1,7 @@
> From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
> Date: Tue, 3 Sep 2013 21:12:46 +0200
> -Subject: [PATCH] Don't disable udp and tcp when --disable-agentx-dom-sock-only
> - is given
> +Subject: [PATCH] Don't disable udp and tcp when
> + --disable-agentx-dom-sock-only is given
>
> The configure magic without this patch treats all
>
> @@ -13,7 +13,7 @@ the same; i.e. disables the udp and tcp transports. With this patch only the
> first option does have this effect which matches the usual and expected
> semantic.
> ---
> - configure.d/config_project_with_enable | 8 +++++---
> + configure.d/config_project_with_enable | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/configure.d/config_project_with_enable b/configure.d/config_project_with_enable
> diff --git a/patches/net-snmp-5.7.2/series b/patches/net-snmp-5.7.2/series
> index 1596362..f79fdd7 100644
> --- a/patches/net-snmp-5.7.2/series
> +++ b/patches/net-snmp-5.7.2/series
> @@ -1,5 +1,8 @@
> # generated by git-ptx-patches
> #tag:base --start-number 1
> -0001-net-snmp-config-add-SYSROOT-support.patch
> -0002-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> -# 97810382623b86e69e492f3a5712bcf4 - git-ptx-patches magic
> +#tag:upstream --start-number 1
> +0001-bug-fix-from-fenner-fix-ICMP-mib-table-handling-on-l.patch
> +#tag:ptx --start-number 200
> +0200-net-snmp-config-add-SYSROOT-support.patch
> +0201-Don-t-disable-udp-and-tcp-when-disable-agentx-dom-so.patch
> +# eda93cf4517290230962af7514bfd246 - git-ptx-patches magic
> --
> 1.7.10.4
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
ptxdist mailing list
ptxdist@pengutronix.de
prev parent reply other threads:[~2014-06-23 13:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-19 11:12 Alexander Dahl
2014-06-23 13:38 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140623133812.GI16937@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox