Date:      Tue, 03 Jan 2017 05:39:45 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 215721] bsnmpwalk .1 spews out an uninitialized stream for an OID
Message-ID:  <bug-215721-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215721

            Bug ID: 215721
           Summary: bsnmpwalk .1 spews out an uninitialized stream for an
                    OID
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ngie@FreeBSD.org

.1 is a common alias for the `iso` OID root. Unfortunately bsnmpwalk doesn't
like that -- in particular it claims the OID is too short and spews out a
stream of uninitialized memory. Example:

% bsnmpwalk .1 2>&1 | less
ASN.1: short oid at a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 ...
ASN.1: short oid at a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
...
bsnmpwalk: Snmp dialog: Invalid argument
%

valgrind claimed it was something to do with uninitialized heap space being
passed to asn_put_objid(..) from snmp_dialog(..):

ASN.1: short oid at==79003== Use of uninitialised value of size 8
==79003==    at 0x5343CA5: ??? (in /lib/libc.so.7)
==79003==    by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003==    by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003==    by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003==    by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==  Uninitialised value was created by a heap allocation
==79003==    at 0x4C246B0: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003==    by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4022FFF: ???
==79003==
==79003== Conditional jump or move depends on uninitialised value(s)
==79003==    at 0x5343CB4: ??? (in /lib/libc.so.7)
==79003==    by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003==    by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003==    by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003==    by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==  Uninitialised value was created by a heap allocation
==79003==    at 0x4C246B0: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003==    by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4022FFF: ???
==79003==

==79003== 19928 errors in context 1 of 2:
==79003== Conditional jump or move depends on uninitialised value(s)
==79003==    at 0x5343CB4: ??? (in /lib/libc.so.7)
==79003==    by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003==    by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003==    by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003==    by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==  Uninitialised value was created by a heap allocation
==79003==    at 0x4C246B0: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003==    by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4022FFF: ???
==79003==
==79003==
==79003== 19928 errors in context 2 of 2:
==79003== Use of uninitialised value of size 8
==79003==    at 0x5343CA5: ??? (in /lib/libc.so.7)
==79003==    by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003==    by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003==    by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003==    by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==  Uninitialised value was created by a heap allocation
==79003==    at 0x4C246B0: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003==    by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003==    by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003==    by 0x4022FFF: ???

I believe the value passed in via bsnmpwalk is tainted.. asn_put_objid is
dumping out information for an OID deemed to be len == 1.

-- 
You are receiving this mail because:
You are the assignee for the bug.
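
Added example, not part of the original report and not libbsnmp code: BER folds the first two OID arcs into one subidentifier (40*X + Y), so a one-arc OID such as `.1` has no valid encoding. This sketch rejects it before touching the output buffer and never dumps that buffer on the error path. The names `ber_encode_oid`, `put_subid` and the `OID_ERR_*` codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error codes made up for this example (not libbsnmp's enum asn_err). */
enum { OID_ERR_SHORT = -1, OID_ERR_RANGE = -2, OID_ERR_SPACE = -3 };

/* Append one subidentifier in base 128; all octets but the last set bit 7. */
static int put_subid(uint8_t *out, size_t cap, size_t *pos, uint32_t v)
{
	uint8_t tmp[5];
	size_t n = 0;
	do {
		tmp[n++] = v & 0x7f;
		v >>= 7;
	} while (v != 0);
	if (cap - *pos < n)
		return OID_ERR_SPACE;
	while (n-- > 0)
		out[(*pos)++] = tmp[n] | (n ? 0x80 : 0);
	return 0;
}

/* Encode OID contents octets; returns octet count or a negative error.
 * The error path never reads or prints the output buffer. */
int ber_encode_oid(const uint32_t *arcs, size_t narcs, uint8_t *out, size_t cap)
{
	size_t pos = 0;
	int rc;
	if (narcs < 2)	/* ".1" has no second arc to fold into the first octet */
		return OID_ERR_SHORT;
	if (arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39) ||
	    arcs[1] > UINT32_MAX - 80)
		return OID_ERR_RANGE;
	if ((rc = put_subid(out, cap, &pos, arcs[0] * 40 + arcs[1])) != 0)
		return rc;
	for (size_t i = 2; i < narcs; i++)
		if ((rc = put_subid(out, cap, &pos, arcs[i])) != 0)
			return rc;
	return (int)pos;
}

int main(void)
{
	const uint32_t iso[] = { 1 }, internet[] = { 1, 3, 6, 1 };
	uint8_t buf[8];	/* deliberately left uninitialised */
	printf("%d %d\n", ber_encode_oid(iso, 1, buf, sizeof(buf)),
	    ber_encode_oid(internet, 4, buf, sizeof(buf)));
	return 0;
}
```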