rpms/net-snmp/F-9 net-snmp-5.4.1-getbulk-crash.patch, NONE, 1.1 net-snmp.spec, 1.152, 1.153

Jan Šafránek jsafrane at fedoraproject.org
Mon Nov 3 08:53:17 UTC 2008


Author: jsafrane

Update of /cvs/pkgs/rpms/net-snmp/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15841

Modified Files:
	net-snmp.spec 
Added Files:
	net-snmp-5.4.1-getbulk-crash.patch 
Log Message:
explicitly require the right version and release of net-snmp and net-snmp-libs
Resolves: #451225
fix CVE-2008-4309
Resolves: CVE-2008-4309

net-snmp-5.4.1-getbulk-crash.patch:

--- NEW FILE net-snmp-5.4.1-getbulk-crash.patch ---
CVE-2008-4309: net-snmp: numresponses calculation integer overflow in snmp_agent.c

Source: upstream, http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17272

Index: clean/agent/snmp_agent.c
===================================================================
--- clean.orig/agent/snmp_agent.c	2008-10-28 23:12:10.000000000 +0100
+++ clean/agent/snmp_agent.c	2008-10-28 23:15:11.000000000 +0100
@@ -2234,7 +2234,6 @@
             r = 0;
             asp->bulkcache = NULL;
         } else {
-            int numresponses;
             int           maxbulk =
                 netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
                                    NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
@@ -2245,28 +2244,31 @@
             if (maxresponses == 0)
                 maxresponses = 100;   /* more than reasonable default */
 
-            if (maxbulk == 0)
-                maxbulk = -1;
+            /* ensure that the total number of responses fits in a mallocable
+             * result vector
+             */
+            if (maxresponses < 0 ||
+                maxresponses > INT_MAX / sizeof(struct varbind_list *))
+                maxresponses = INT_MAX / sizeof(struct varbind_list *);
+
+            /* ensure that the maximum number of repetitions will fit in the
+             * result vector
+             */
+            if (maxbulk <= 0 || maxbulk > maxresponses / r)
+                maxbulk = maxresponses / r;
 
             /* limit getbulk number of repeats to a configured size */
-            if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
+            if (asp->pdu->errindex > maxbulk) {
                 asp->pdu->errindex = maxbulk;
-            }
-
-            numresponses = asp->pdu->errindex * r;
-
-            /* limit getbulk number of getbulk responses to a configured size */
-            if (maxresponses != -1 && numresponses > maxresponses) {
-                /* attempt to truncate this */
-                asp->pdu->errindex = maxresponses/r;
-                numresponses = asp->pdu->errindex * r;
-                DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
+                DEBUGMSGTL(("snmp_agent",
+                            "truncating number of getbulk repeats to %d\n",
+                            asp->pdu->errindex));
             }
 
             asp->bulkcache =
-                (netsnmp_variable_list **) malloc(numresponses *
-                                                  sizeof(struct
-                                                         varbind_list *));
+                (netsnmp_variable_list **) malloc(
+                    asp->pdu->errindex * r * sizeof(struct varbind_list *));
+
             if (!asp->bulkcache) {
                 DEBUGMSGTL(("snmp_agent", "Bulkcache malloc failed\n"));
                 return SNMP_ERR_GENERR;
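Review bot: The new clamp on `asp->pdu->errindex` is upper-bound only, so the `malloc()` size is safe only if `errindex` is already non-negative and `r` is positive in this `else` branch. Neither is established inside the hunk: the branch condition and any earlier sanitising of the PDU fields lie outside it, as do the start and end of the enclosing function. If a negative `errindex` could reach this point, it would pass `if (asp->pdu->errindex > maxbulk)` untouched and `asp->pdu->errindex * r * sizeof(struct varbind_list *)` would convert to a very large unsigned size; `maxresponses / r` also depends on `r != 0`. If earlier code guarantees both, record that next to the clamp with `/* errindex >= 0 and r > 0 are guaranteed by the checks above */`; otherwise add `if (asp->pdu->errindex < 0) asp->pdu->errindex = 0;` before it. Separately, when `maxresponses < r` the clamp yields `errindex == 0`, so the call becomes `malloc(0)`, which may return NULL on some platforms and would then be reported as `SNMP_ERR_GENERR`.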


Index: net-snmp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/net-snmp/F-9/net-snmp.spec,v
retrieving revision 1.152
retrieving revision 1.153
diff -u -r1.152 -r1.153
--- net-snmp.spec	23 Oct 2008 07:52:30 -0000	1.152
+++ net-snmp.spec	3 Nov 2008 08:52:46 -0000	1.153
@@ -44,6 +44,7 @@
 Patch19: net-snmp-5.4.1-perl-snprintf.patch
 Patch20: net-snmp-5.4.1-perl-set.patch
 Patch21: net-snmp-5.4.1-long-iface-names.patch
+Patch22: net-snmp-5.4.1-getbulk-crash.patch
 
 Requires(pre): chkconfig
 Requires(post): chkconfig
@@ -52,6 +53,7 @@
 Requires(preun): initscripts
 # for /bin/rm
 Requires(preun): coreutils
+Requires: %{name}-libs = %{epoch}:%{version}-%{release}
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, bzip2-devel, elfutils-devel
@@ -86,7 +88,7 @@
 %package utils
 Group: Applications/System
 Summary: Network management utilities using SNMP, from the NET-SNMP project
-Requires: %{name} = %{epoch}:%{version}
+Requires: %{name} = %{epoch}:%{version}-%{release}
 
 %description utils
 The net-snmp-utils package contains various utilities for use with the
@@ -99,7 +101,7 @@
 %package devel
 Group: Development/Libraries
 Summary: The development environment for the NET-SNMP project
-Requires: %{name} = %{epoch}:%{version}
+Requires: %{name} = %{epoch}:%{version}-%{release}
 Requires: elfutils-devel, rpm-devel, elfutils-libelf-devel, openssl-devel
 %if %{tcp_wrappers}
 Requires: tcp_wrappers-devel
@@ -121,7 +123,7 @@
 %package perl
 Group: Development/Libraries
 Summary: The perl NET-SNMP module and the mib2c tool
-Requires: %{name} = %{epoch}:%{version}, perl >= 5
+Requires: %{name} = %{epoch}:%{version}-%{release}, perl >= 5
 BuildRequires: perl >= 5
 
 %description perl
@@ -134,7 +136,7 @@
 %package gui
 Group: Applications/System
 Summary: An interactive graphical MIB browser for SNMP
-Requires: perl-Tk, net-snmp-perl
+Requires: perl-Tk, net-snmp-perl = %{epoch}:%{version}-%{release}
 
 %description gui
 The net-snmp-gui package contains tkmib utility, which is a graphical user 
@@ -179,6 +181,7 @@
 %patch19 -p3 -b .perl-snprintf
 %patch20 -p1 -b .perl-set
 %patch21 -p2 -b .long-iface-names
+%patch22 -p1 -b .getbulk-crash
 
 # Do this patch with a perl hack...
 perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@@ -398,6 +401,9 @@
 * Tue Jul 22 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-19
 - fix perl SNMP::Session::set (#452131)
 - support interface names longer than 8 characters (#468045)
+- explicitly require the right version and release of net-snmp and
+  net-snmp-libs
+- fix CVE-2008-4309
 
 * Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4.1-18
 - explicitly require lm_sensor > 3 for build (#442718)



