Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 8 Jun 2016 17:43:04 +0000 (UTC)
From:      Garrett Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r301661 - in stable/10/contrib/bsnmp: lib snmp_mibII snmp_target
Message-ID:  <201606081743.u58Hh4lC036846@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ngie
Date: Wed Jun  8 17:43:04 2016
New Revision: 301661
URL: https://svnweb.freebsd.org/changeset/base/301661

Log:
  MFC r256678,r256680,r260986,r272878,r286402:
  
  r256678 (by syrinx):
  
  Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption.
  
  r256680 (by syrinx):
  
  Fix the -Wconversion warnings produced when compiling the SNMP agent.
  
  r260986 (by harti):
  
  Fix a problem with OBJECT IDENTIFIER encoding: need to check the
  second subid to be less than 40, not the first when the first
  subid is 0 or 1.
  
  r272878 (by syrinx):
  
  Fix a bug in decoding string indexes in snmp_target(3), thus causing
  bsnmpd(1) to not send v3 notifications properly; while here add two
  missing return statements which could lead to abort() in case of a
  rollback
  
  r286402 (by araujo):
  
  Fix variable 'old' is used uninitialized whenever '&&' condition is false.
  Spotted by clang.

Modified:
  stable/10/contrib/bsnmp/lib/asn1.c
  stable/10/contrib/bsnmp/lib/snmp.c
  stable/10/contrib/bsnmp/lib/snmp.h
  stable/10/contrib/bsnmp/lib/snmpagent.c
  stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c
  stable/10/contrib/bsnmp/snmp_target/target_snmp.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/contrib/bsnmp/lib/asn1.c
==============================================================================
--- stable/10/contrib/bsnmp/lib/asn1.c	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/lib/asn1.c	Wed Jun  8 17:43:04 2016	(r301661)
@@ -652,7 +652,7 @@ asn_put_objid(struct asn_buf *b, const s
 			err = ASN_ERR_RANGE;
 		}
 		if (oid->subs[0] > 2 ||
-		    (oid->subs[0] < 2 && oid->subs[0] >= 40)) {
+		    (oid->subs[0] < 2 && oid->subs[1] >= 40)) {
 			asn_error(NULL, "oid out of range (%u,%u)",
 			    oid->subs[0], oid->subs[1]);
 			err = ASN_ERR_RANGE;

Modified: stable/10/contrib/bsnmp/lib/snmp.c
==============================================================================
--- stable/10/contrib/bsnmp/lib/snmp.c	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/lib/snmp.c	Wed Jun  8 17:43:04 2016	(r301661)
@@ -288,11 +288,13 @@ parse_secparams(struct asn_buf *b, struc
 	memset(buf, 0, 256);
 	tb.asn_ptr = buf;
 	tb.asn_len = 256;
+	u_int len;
 
-	if (asn_get_octetstring(b, buf, &tb.asn_len) != ASN_ERR_OK) {
+	if (asn_get_octetstring(b, buf, &len) != ASN_ERR_OK) {
 		snmp_error("cannot parse usm header");
 		return (ASN_ERR_FAILED);
 	}
+	tb.asn_len = len;
 
 	if (asn_get_sequence(&tb, &octs_len) != ASN_ERR_OK) {
 		snmp_error("cannot decode usm header");
@@ -864,7 +866,7 @@ snmp_fix_encoding(struct asn_buf *b, str
 			return (SNMP_CODE_FAILED);
 
 		pdu->scoped_len = b->asn_ptr - pdu->scoped_ptr;
-		if ((code = snmp_pdu_fix_padd(b, pdu))!= ASN_ERR_OK)
+		if (snmp_pdu_fix_padd(b, pdu) != ASN_ERR_OK)
 			return (SNMP_CODE_FAILED);
 
 		if (pdu->security_model != SNMP_SECMODEL_USM)
@@ -997,7 +999,7 @@ snmp_pdu_encode(struct snmp_pdu *pdu, st
 	if ((err = snmp_pdu_encode_header(resp_b, pdu)) != SNMP_CODE_OK)
 		return (err);
 	for (idx = 0; idx < pdu->nbindings; idx++)
-		if ((err = snmp_binding_encode(resp_b, &pdu->bindings[idx]))
+		if (snmp_binding_encode(resp_b, &pdu->bindings[idx])
 		    != ASN_ERR_OK)
 			return (SNMP_CODE_FAILED);
 

Modified: stable/10/contrib/bsnmp/lib/snmp.h
==============================================================================
--- stable/10/contrib/bsnmp/lib/snmp.h	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/lib/snmp.h	Wed Jun  8 17:43:04 2016	(r301661)
@@ -182,7 +182,7 @@ struct snmp_pdu {
 
 	/* fixes for encoding */
 	size_t			outer_len;
-	size_t			scoped_len;
+	asn_len_t		scoped_len;
 	u_char			*outer_ptr;
 	u_char			*digest_ptr;
 	u_char			*encrypted_ptr;

Modified: stable/10/contrib/bsnmp/lib/snmpagent.c
==============================================================================
--- stable/10/contrib/bsnmp/lib/snmpagent.c	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/lib/snmpagent.c	Wed Jun  8 17:43:04 2016	(r301661)
@@ -166,7 +166,7 @@ find_subnode(const struct snmp_value *va
 }
 
 static void
-snmp_pdu_create_response(struct snmp_pdu *pdu, struct snmp_pdu *resp)
+snmp_pdu_create_response(const struct snmp_pdu *pdu, struct snmp_pdu *resp)
 {
 	memset(resp, 0, sizeof(*resp));
 	strcpy(resp->community, pdu->community);
@@ -276,7 +276,12 @@ snmp_get(struct snmp_pdu *pdu, struct as
 		}
 	}
 
-	return (snmp_fix_encoding(resp_b, resp));
+	if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) {
+		snmp_debug("get: failed to encode PDU");
+		return (SNMP_RET_ERR);
+	}
+
+	return (SNMP_RET_OK);
 }
 
 static struct snmp_node *
@@ -438,7 +443,13 @@ snmp_getnext(struct snmp_pdu *pdu, struc
 			return (SNMP_RET_ERR);
 		}
 	}
-	return (snmp_fix_encoding(resp_b, resp));
+
+	if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) {
+		snmp_debug("getnext: failed to encode PDU");
+		return (SNMP_RET_ERR);
+	}
+
+	return (SNMP_RET_OK);
 }
 
 enum snmp_ret
@@ -542,7 +553,12 @@ snmp_getbulk(struct snmp_pdu *pdu, struc
 	}
 
   done:
-	return (snmp_fix_encoding(resp_b, resp));
+	if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) {
+		snmp_debug("getnext: failed to encode PDU");
+		return (SNMP_RET_ERR);
+	}
+
+	return (SNMP_RET_OK);
 }
 
 /*
@@ -957,18 +973,57 @@ enum snmp_ret
 snmp_make_errresp(const struct snmp_pdu *pdu, struct asn_buf *pdu_b,
     struct asn_buf *resp_b)
 {
+	u_char type;
 	asn_len_t len;
 	struct snmp_pdu resp;
 	enum asn_err err;
 	enum snmp_code code;
 
-	memset(&resp, 0, sizeof(resp));
+	snmp_pdu_create_response(pdu, &resp);
+
 	if ((code = snmp_pdu_decode_header(pdu_b, &resp)) != SNMP_CODE_OK)
 		return (SNMP_RET_IGN);
 
-	if (pdu_b->asn_len < len)
+	if (pdu->version == SNMP_V3) {
+		if (resp.user.priv_proto != SNMP_PRIV_NOPRIV &&
+		   (asn_get_header(pdu_b, &type, &resp.scoped_len) != ASN_ERR_OK
+		   || type != ASN_TYPE_OCTETSTRING)) {
+			snmp_error("cannot decode encrypted pdu");
+			return (SNMP_RET_IGN);
+		}
+
+		if (asn_get_sequence(pdu_b, &len) != ASN_ERR_OK) {
+			snmp_error("cannot decode scoped pdu header");
+			return (SNMP_RET_IGN);
+		}
+
+		len = SNMP_ENGINE_ID_SIZ;
+		if (asn_get_octetstring(pdu_b, (u_char *)resp.context_engine,
+		    &len) != ASN_ERR_OK) {
+			snmp_error("cannot decode msg context engine");
+			return (SNMP_RET_IGN);
+		}
+		resp.context_engine_len = len;
+		len = SNMP_CONTEXT_NAME_SIZ;
+		if (asn_get_octetstring(pdu_b, (u_char *)resp.context_name,
+		    &len) != ASN_ERR_OK) {
+			snmp_error("cannot decode msg context name");
+			return (SNMP_RET_IGN);
+		}
+		resp.context_name[len] = '\0';
+	}
+
+
+	if (asn_get_header(pdu_b, &type, &len) != ASN_ERR_OK) {
+		snmp_error("cannot get pdu header");
 		return (SNMP_RET_IGN);
-	pdu_b->asn_len = len;
+	}
+
+	if ((type & ~ASN_TYPE_MASK) !=
+	    (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT)) {
+		snmp_error("bad pdu header tag");
+		return (SNMP_RET_IGN);
+	}
 
 	err = snmp_parse_pdus_hdr(pdu_b, &resp, &len);
 	if (ASN_ERR_STOPPED(err))

Modified: stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c
==============================================================================
--- stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c	Wed Jun  8 17:43:04 2016	(r301661)
@@ -151,7 +151,7 @@ int
 op_ip(struct snmp_context *ctx, struct snmp_value *value,
     u_int sub, u_int idx __unused, enum snmp_op op)
 {
-	int old;
+	int old = 0;
 
 	switch (op) {
 

Modified: stable/10/contrib/bsnmp/snmp_target/target_snmp.c
==============================================================================
--- stable/10/contrib/bsnmp/snmp_target/target_snmp.c	Wed Jun  8 17:36:01 2016	(r301660)
+++ stable/10/contrib/bsnmp/snmp_target/target_snmp.c	Wed Jun  8 17:43:04 2016	(r301661)
@@ -301,6 +301,7 @@ op_snmp_target_addrs(struct snmp_context
 		default:
 			break;	
 		}
+		return (SNMP_ERR_NOERROR);
 
 	default:
 		abort();
@@ -625,6 +626,7 @@ op_snmp_notify(struct snmp_context *ctx 
 		default:
 			break;
 		}
+		return (SNMP_ERR_NOERROR);
 
 	default:
 		abort();
@@ -663,13 +665,14 @@ target_append_index(struct asn_oid *oid,
 static int
 target_decode_index(const struct asn_oid *oid, uint sub, char *name)
 {
-	uint32_t i, len;
+	uint32_t i;
 
-	if ((len = oid->len - sub) >= SNMP_ADM_STR32_SIZ)
+	if (oid->len - sub != oid->subs[sub] + 1 || oid->subs[sub] >=
+	    SNMP_ADM_STR32_SIZ)
 		return (-1);
 
-	for (i = 0; i < len; i++)
-		name[i] = oid->subs[sub + i];
+	for (i = 0; i < oid->subs[sub]; i++)
+		name[i] = oid->subs[sub + i + 1];
 	name[i] = '\0';
 
 	return (0);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606081743.u58Hh4lC036846>