From owner-svn-src-all@freebsd.org Wed Jun 8 17:43:06 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24ADBB6F943; Wed, 8 Jun 2016 17:43:06 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D9DB0144D; Wed, 8 Jun 2016 17:43:05 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u58Hh5Q5036852; Wed, 8 Jun 2016 17:43:05 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u58Hh4lC036846; Wed, 8 Jun 2016 17:43:04 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <201606081743.u58Hh4lC036846@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Garrett Cooper Date: Wed, 8 Jun 2016 17:43:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r301661 - in stable/10/contrib/bsnmp: lib snmp_mibII snmp_target X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 17:43:06 -0000 Author: ngie Date: Wed Jun 8 17:43:04 2016 New Revision: 301661 URL: https://svnweb.freebsd.org/changeset/base/301661 Log: MFC r256678,r256680,r260986,r272878,r286402: r256678 (by syrinx): Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption. r256680 (by syrinx): Fix the -Wconversion warnings produced when compiling the SNMP agent. r260986 (by harti): Fix a problem with OBJECT IDENTIFIER encoding: need to check the second subid to be less than 40, not the first when the first subid is 0 or 1. r272878 (by syrinx): Fix a bug in decoding string indexes in snmp_target(3), thus causing bsnmpd(1) to not send v3 notifications properly; while here add two missing return statements which could lead to abort() in case of a rollback r286402 (by araujo): Fix variable 'old' is used uninitialized whenever '&&' condition is false. Spotted by clang. Modified: stable/10/contrib/bsnmp/lib/asn1.c stable/10/contrib/bsnmp/lib/snmp.c stable/10/contrib/bsnmp/lib/snmp.h stable/10/contrib/bsnmp/lib/snmpagent.c stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c stable/10/contrib/bsnmp/snmp_target/target_snmp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/contrib/bsnmp/lib/asn1.c ============================================================================== --- stable/10/contrib/bsnmp/lib/asn1.c Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/lib/asn1.c Wed Jun 8 17:43:04 2016 (r301661) @@ -652,7 +652,7 @@ asn_put_objid(struct asn_buf *b, const s err = ASN_ERR_RANGE; } if (oid->subs[0] > 2 || - (oid->subs[0] < 2 && oid->subs[0] >= 40)) { + (oid->subs[0] < 2 && oid->subs[1] >= 40)) { asn_error(NULL, "oid out of range (%u,%u)", oid->subs[0], oid->subs[1]); err = ASN_ERR_RANGE; Modified: stable/10/contrib/bsnmp/lib/snmp.c ============================================================================== --- stable/10/contrib/bsnmp/lib/snmp.c Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/lib/snmp.c Wed Jun 8 17:43:04 2016 (r301661) @@ -288,11 +288,13 @@ parse_secparams(struct asn_buf *b, struc memset(buf, 0, 256); tb.asn_ptr = buf; tb.asn_len = 256; + u_int len; - if (asn_get_octetstring(b, buf, &tb.asn_len) != ASN_ERR_OK) { + if (asn_get_octetstring(b, buf, &len) != ASN_ERR_OK) { snmp_error("cannot parse usm header"); return (ASN_ERR_FAILED); } + tb.asn_len = len; if (asn_get_sequence(&tb, &octs_len) != ASN_ERR_OK) { snmp_error("cannot decode usm header"); @@ -864,7 +866,7 @@ snmp_fix_encoding(struct asn_buf *b, str return (SNMP_CODE_FAILED); pdu->scoped_len = b->asn_ptr - pdu->scoped_ptr; - if ((code = snmp_pdu_fix_padd(b, pdu))!= ASN_ERR_OK) + if (snmp_pdu_fix_padd(b, pdu) != ASN_ERR_OK) return (SNMP_CODE_FAILED); if (pdu->security_model != SNMP_SECMODEL_USM) @@ -997,7 +999,7 @@ snmp_pdu_encode(struct snmp_pdu *pdu, st if ((err = snmp_pdu_encode_header(resp_b, pdu)) != SNMP_CODE_OK) return (err); for (idx = 0; idx < pdu->nbindings; idx++) - if ((err = snmp_binding_encode(resp_b, &pdu->bindings[idx])) + if (snmp_binding_encode(resp_b, &pdu->bindings[idx]) != ASN_ERR_OK) return (SNMP_CODE_FAILED); Modified: stable/10/contrib/bsnmp/lib/snmp.h ============================================================================== --- stable/10/contrib/bsnmp/lib/snmp.h Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/lib/snmp.h Wed Jun 8 17:43:04 2016 (r301661) @@ -182,7 +182,7 @@ struct snmp_pdu { /* fixes for encoding */ size_t outer_len; - size_t scoped_len; + asn_len_t scoped_len; u_char *outer_ptr; u_char *digest_ptr; u_char *encrypted_ptr; Modified: stable/10/contrib/bsnmp/lib/snmpagent.c ============================================================================== --- stable/10/contrib/bsnmp/lib/snmpagent.c Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/lib/snmpagent.c Wed Jun 8 17:43:04 2016 (r301661) @@ -166,7 +166,7 @@ find_subnode(const struct snmp_value *va } static void -snmp_pdu_create_response(struct snmp_pdu *pdu, struct snmp_pdu *resp) +snmp_pdu_create_response(const struct snmp_pdu *pdu, struct snmp_pdu *resp) { memset(resp, 0, sizeof(*resp)); strcpy(resp->community, pdu->community); @@ -276,7 +276,12 @@ snmp_get(struct snmp_pdu *pdu, struct as } } - return (snmp_fix_encoding(resp_b, resp)); + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("get: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } static struct snmp_node * @@ -438,7 +443,13 @@ snmp_getnext(struct snmp_pdu *pdu, struc return (SNMP_RET_ERR); } } - return (snmp_fix_encoding(resp_b, resp)); + + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("getnext: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } enum snmp_ret @@ -542,7 +553,12 @@ snmp_getbulk(struct snmp_pdu *pdu, struc } done: - return (snmp_fix_encoding(resp_b, resp)); + if (snmp_fix_encoding(resp_b, resp) != SNMP_CODE_OK) { + snmp_debug("getnext: failed to encode PDU"); + return (SNMP_RET_ERR); + } + + return (SNMP_RET_OK); } /* @@ -957,18 +973,57 @@ enum snmp_ret snmp_make_errresp(const struct snmp_pdu *pdu, struct asn_buf *pdu_b, struct asn_buf *resp_b) { + u_char type; asn_len_t len; struct snmp_pdu resp; enum asn_err err; enum snmp_code code; - memset(&resp, 0, sizeof(resp)); + snmp_pdu_create_response(pdu, &resp); + if ((code = snmp_pdu_decode_header(pdu_b, &resp)) != SNMP_CODE_OK) return (SNMP_RET_IGN); - if (pdu_b->asn_len < len) + if (pdu->version == SNMP_V3) { + if (resp.user.priv_proto != SNMP_PRIV_NOPRIV && + (asn_get_header(pdu_b, &type, &resp.scoped_len) != ASN_ERR_OK + || type != ASN_TYPE_OCTETSTRING)) { + snmp_error("cannot decode encrypted pdu"); + return (SNMP_RET_IGN); + } + + if (asn_get_sequence(pdu_b, &len) != ASN_ERR_OK) { + snmp_error("cannot decode scoped pdu header"); + return (SNMP_RET_IGN); + } + + len = SNMP_ENGINE_ID_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_engine, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context engine"); + return (SNMP_RET_IGN); + } + resp.context_engine_len = len; + len = SNMP_CONTEXT_NAME_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_name, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context name"); + return (SNMP_RET_IGN); + } + resp.context_name[len] = '\0'; + } + + + if (asn_get_header(pdu_b, &type, &len) != ASN_ERR_OK) { + snmp_error("cannot get pdu header"); return (SNMP_RET_IGN); - pdu_b->asn_len = len; + } + + if ((type & ~ASN_TYPE_MASK) != + (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT)) { + snmp_error("bad pdu header tag"); + return (SNMP_RET_IGN); + } err = snmp_parse_pdus_hdr(pdu_b, &resp, &len); if (ASN_ERR_STOPPED(err)) Modified: stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c ============================================================================== --- stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/snmp_mibII/mibII_ip.c Wed Jun 8 17:43:04 2016 (r301661) @@ -151,7 +151,7 @@ int op_ip(struct snmp_context *ctx, struct snmp_value *value, u_int sub, u_int idx __unused, enum snmp_op op) { - int old; + int old = 0; switch (op) { Modified: stable/10/contrib/bsnmp/snmp_target/target_snmp.c ============================================================================== --- stable/10/contrib/bsnmp/snmp_target/target_snmp.c Wed Jun 8 17:36:01 2016 (r301660) +++ stable/10/contrib/bsnmp/snmp_target/target_snmp.c Wed Jun 8 17:43:04 2016 (r301661) @@ -301,6 +301,7 @@ op_snmp_target_addrs(struct snmp_context default: break; } + return (SNMP_ERR_NOERROR); default: abort(); @@ -625,6 +626,7 @@ op_snmp_notify(struct snmp_context *ctx default: break; } + return (SNMP_ERR_NOERROR); default: abort(); @@ -663,13 +665,14 @@ target_append_index(struct asn_oid *oid, static int target_decode_index(const struct asn_oid *oid, uint sub, char *name) { - uint32_t i, len; + uint32_t i; - if ((len = oid->len - sub) >= SNMP_ADM_STR32_SIZ) + if (oid->len - sub != oid->subs[sub] + 1 || oid->subs[sub] >= + SNMP_ADM_STR32_SIZ) return (-1); - for (i = 0; i < len; i++) - name[i] = oid->subs[sub + i]; + for (i = 0; i < oid->subs[sub]; i++) + name[i] = oid->subs[sub + i + 1]; name[i] = '\0'; return (0);