Bug 984661

Summary: snmp_set_var_typed_value function for ASN_IPADDRESS sets wrong size
Product: Red Hat Enterprise Linux 6 Reporter: Konstantin Volkov <wolf>
Component: net-snmpAssignee: Jan Safranek <jsafrane>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4CC: wolf
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-12 13:42:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Konstantin Volkov 2013-07-15 16:13:04 UTC 
Description of problem:

snmp_set_var_typed_value function for ASN_IPADDRESS sets wrong size

Version-Release number of selected component (if applicable):
net-snmp-5.5-44.el6_4.2

How reproducible:
100%

Steps to Reproduce:
1. Call snmp_set_var_typed_value() with ip address in args for ASN_IPADDRESS to build a trap
2. send the trap
3. sink cannot parse the packet

Actual results:
4

Expected results:
sizeof(in_addr_t)

Additional info:
Previous version was OK (net-snmp-5.5-44.el6_4.1), net-snmp-5.5-ber-int-size.patch brokes the lib:

---
-        case ASN_OCTET_STR:
         case ASN_IPADDRESS:
+            if (vp->val_len != 4)
+                return -1;
+            /* fallthrough */
+        case ASN_OCTET_STR:
         case ASN_OPAQUE:
         case ASN_NSAP:
             if (vp->val_len < sizeof(vp->buf)) {
---

should be

if (vp->val_len != sizeof(in_addr_t))
Comment 2 Jan Safranek 2013-08-12 11:04:19 UTC 
(In reply to Konstantin Volkov from comment #0)
> should be
> 
> if (vp->val_len != sizeof(in_addr_t))

Pardon my ignorance, but on which architecture is sizeof(in_addr_t) != 4 ?
Comment 3 Konstantin Volkov 2013-08-12 13:24:23 UTC 
Of cause, sizeof(in_addr_t) always = 4.

In our code we passed next:

---
u_long n = htonl(src_);
snmp_set_var_typed_value(&dst_, ASN_IPADDRESS, (u_char* )&n, sizeof(n));
---

and it works OK with previous net_snmp version.

My fault, please close.
Comment 4 Jan Safranek 2013-08-12 13:42:29 UTC 
Thanks for the clarification, closing.