packages/net-snmp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!47 backport some patches from upstream

Browse Source 
From: @XWwalker 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
This commit is contained in:
openeuler-ci-bot 2022-09-30 06:14:58 +00:00 committed by Gitee
commit 12b166e40f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 253 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch Normal file
View File

@ -0,0 +1,26 @@
From 2cd0e7d72a76ba27a18315b9ae67e6ed6d2c464a Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 9 Aug 2021 13:38:36 -0700
Subject: [PATCH] IF-MIB: Add a trailing newline to an error message
Fixes: 8bb544fbd2d6 ("Linux: IF-MIB: Fix a memory leak")
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e56cadf46..5322ee937 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -927,7 +927,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
netsnmp_interface_entry *existing =
CONTAINER_FIND(container, entry);
NETSNMP_LOGONCE((LOG_WARNING,
- "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s\n",
entry->index, existing ? existing->name : "(?)",
entry->name));
netsnmp_access_interface_entry_free(entry);
--
2.33.0

54
backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch Normal file
View File

@ -0,0 +1,54 @@
From d4b58c60367a262d829eb33e7888d28cd4337481 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 5 Aug 2021 18:56:50 -0700
Subject: [PATCH] IF-MIB: Fix a recently introduced use-after-free
Do not free the netsnmp_interface_entry corresponding to the previous line
from /proc/dev/net if an interface disappeared. Additionally, reduce the
scope of the 'entry' variable.
Fixes: 600c54135b10 ("IF-MIB, IP-FORWARD-MIB: Improve robustness")
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 9d9b2ceb3..ea7389682 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
int interfaces = 0;
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -738,7 +738,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
if (if_index == 0) {
DEBUGMSGTL(("access:interface", "network interface %s is gone",
ifstart));
- goto free_entry;
+ continue;
}
#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
@@ -933,7 +933,6 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
"Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
entry->index, existing ? existing->name : "(?)",
entry->name));
-free_entry:
netsnmp_access_interface_entry_free(entry);
}
}
--
2.33.0

80
backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch Normal file
View File

@ -0,0 +1,80 @@
From 600c54135b1015d56070f702d878772dd9f0d51e Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 2 Aug 2021 19:04:31 -0700
Subject: [PATCH] IF-MIB, IP-FORWARD-MIB: Improve robustness
It can happen that a network interface disappears after scanning has started
and before netsnmp_arch_interface_index_find() or another query function is
called. If that happens, ignore the network interface silently.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 7 ++++++-
.../mibgroup/ip-forward-mib/data_access/route_linux.c | 11 ++++++-----
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 215b30e80..7e4a35130 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -734,7 +734,11 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* knows a better way, put it here!
*/
if_index = netsnmp_arch_interface_index_find(ifstart);
- netsnmp_assert(if_index != 0);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ goto free_entry;
+ }
#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
@@ -928,6 +932,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
"Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
entry->index, existing ? existing->name : "(?)",
entry->name));
+free_entry:
netsnmp_access_interface_entry_free(entry);
}
}
diff --git a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
index 956e127c9..9b6a63ead 100644
--- a/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
+++ b/agent/mibgroup/ip-forward-mib/data_access/route_linux.c
@@ -97,9 +97,7 @@ _load_ipv4(netsnmp_container* container, u_long *index )
snmp_log(LOG_ERR,
"/proc/net/route data format error (%d!=8), line ==|%s|",
rc, line);
-
- netsnmp_access_route_entry_free(entry);
- continue;
+ goto free_entry;
}
/*
@@ -114,9 +112,12 @@ _load_ipv4(netsnmp_container* container, u_long *index )
* but since that will open/close a socket, and we might
* have a lot of routes, call the ioctl routine directly.
*/
- if ('*' != name[0])
+ if ('*' != name[0]) {
entry->if_index =
netsnmp_access_interface_ioctl_ifindex_get(fd,name);
+ if (entry->if_index == 0)
+ goto free_entry;
+ }
/*
* arbitrary index
@@ -186,8 +187,8 @@ _load_ipv4(netsnmp_container* container, u_long *index )
if (CONTAINER_INSERT(container, entry) < 0)
{
DEBUGMSGTL(("access:route:container", "error with route_entry: insert into container failed.\n"));
+free_entry:
netsnmp_access_route_entry_free(entry);
- continue;
}
}
--
2.33.0

37
backport-Linux-IF-MIB-Fix-a-memory-leak.patch Normal file
View File

@ -0,0 +1,37 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a21..215b30e80 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);
--
2.33.0

40
backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch Normal file
View File

@ -0,0 +1,40 @@
From 8da919e4ad66dec376f54a6d2f7dd7a7fe68b8f0 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:01:11 -0700
Subject: [PATCH] Linux: IF-MIB: Pass the network interface index to
netsnmp_access_interface_entry_create()
Instead of letting netsnmp_access_interface_entry_create() call
netsnmp_arch_interface_index_find() a second time, pass the network interface
index to that function.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index 9c96eb92d..e99360a21 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -733,8 +733,9 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
* ip version is to look for ip addresses. If anyone
* knows a better way, put it here!
*/
-#ifdef NETSNMP_ENABLE_IPV6
if_index = netsnmp_arch_interface_index_find(ifstart);
+ netsnmp_assert(if_index != 0);
+#ifdef NETSNMP_ENABLE_IPV6
_arch_interface_has_ipv6(if_index, &flags, addr_container);
#endif
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
@@ -752,7 +753,7 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);
--
2.33.0

17
net-snmp.spec
View File

@ -3,7 +3,7 @@
Name: net-snmp Name: net-snmp
Version: 5.9.1 Version: 5.9.1
Release: 4 Release: 5
Epoch: 1 Epoch: 1
Summary: SNMP Daemon Summary: SNMP Daemon
License: BSD License: BSD
@ -49,6 +49,11 @@ Patch32: backport-Python-Fix-snmpwalk-with-UseNumeric-1.patch
Patch33: backport-net-snmp-5.9.1-autoconf.patch Patch33: backport-net-snmp-5.9.1-autoconf.patch
Patch34: backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch Patch34: backport-0001-CVE-2022-24805-24806-24807-24808-24809-24810.patch
Patch35: backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch Patch35: backport-0002-CVE-2022-24805-24806-24807-24808-24809-24810.patch
Patch36: backport-Linux-IF-MIB-Pass-the-network-interface-index-to-net.patch
Patch37: backport-Linux-IF-MIB-Fix-a-memory-leak.patch
Patch38: backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch
Patch39: backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch
Patch40: backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch
%{?systemd_requires} %{?systemd_requires}
BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel
@ -328,6 +333,16 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_mandir}/man1/fixproc* %{_mandir}/man1/fixproc*
%changelog %changelog
* Fri Sep 30 2022 xingwei <xingwei14@h-partners.com> - 1:5.9.1-5
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: IF-MIB, IP-FORWARD-MIB: Improve robustness
IF-MIB: pass the network interface index to net
IF-MIB: fix a memory leak
IF-MIB: fix a recently introduced use after free
IF-MIB: add a trailing newline to an error message
* Sat Aug 27 2022 gaihuiying <eaglegai@163.com> - 1:5.9.1-4 * Sat Aug 27 2022 gaihuiying <eaglegai@163.com> - 1:5.9.1-4
- Type:CVE - Type:CVE
- CVE:CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 - CVE:CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810