mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-02 01:50:18 +00:00
Code Issues Projects Releases Wiki Activity

net-snmp: fix CVE-2014-2285

Browse Source 
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.

Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1072044

Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
This commit is contained in:
Junling Zheng
2015-05-04 03:22:26 +00:00
committed by Joe MacDonald
parent 2cb54ed8a1
commit ff3c52f44d
2 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Fix-CVE-2014-2285.patch
+49
View File
@@ -0,0 +1,49 @@
From 87a0d27102ceffb92e5c1d6fbbd24972a9dd33ac Mon Sep 17 00:00:00 2001
From: Junling Zheng <zhengjunling@huawei.com>
Date: Mon, 20 Apr 2015 10:23:08 +0000
Subject: [PATCH] Fix CVE-2014-2285
Sending SNMP trap with empty community string crashes snmptrapd if Perl
handler is enabled.
Refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=1072044
Upstream Status: Backported
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
---
perl/TrapReceiver/TrapReceiver.xs | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/perl/TrapReceiver/TrapReceiver.xs b/perl/TrapReceiver/TrapReceiver.xs
index 531bfa4..ac94370 100644
--- a/perl/TrapReceiver/TrapReceiver.xs
+++ b/perl/TrapReceiver/TrapReceiver.xs
@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu *pdu,
STOREPDUi("securitymodel", pdu->securityModel);
STOREPDUi("securitylevel", pdu->securityLevel);
STOREPDU("contextName",
- newSVpv(pdu->contextName, pdu->contextNameLen));
+ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
STOREPDU("contextEngineID",
- newSVpv((char *) pdu->contextEngineID,
+ newSVpv((char *)(pdu->contextEngineID ? pdu->contextEngineID : ""),
pdu->contextEngineIDLen));
STOREPDU("securityEngineID",
- newSVpv((char *) pdu->securityEngineID,
+ newSVpv((char *)(pdu->securityEngineID ? pdu->securityEngineID : ""),
pdu->securityEngineIDLen));
STOREPDU("securityName",
- newSVpv((char *) pdu->securityName, pdu->securityNameLen));
+ newSVpv((char *)(pdu->securityName ? pdu->securityName : ""), pdu->securityNameLen));
} else {
STOREPDU("community",
- newSVpv((char *) pdu->community, pdu->community_len));
+ newSVpv((char *)(pdu->community ? pdu->community : ""), pdu->community_len));
}
if (transport && transport->f_fmtaddr) {
--
1.8.3.4
meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.1.bb
+1
View File
@@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.zip \
file://fix-libtool-finish.patch \ file://fix-libtool-finish.patch \
file://net-snmp-testing-add-the-output-format-for-ptest.patch \ file://net-snmp-testing-add-the-output-format-for-ptest.patch \
file://run-ptest \ file://run-ptest \
file://0001-Fix-CVE-2014-2285.patch \
" "
SRC_URI[md5sum] = "a2c83518648b0f2a5d378625e45c0e18" SRC_URI[md5sum] = "a2c83518648b0f2a5d378625e45c0e18"