Bug 1100099 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid
Summary: net-snmp-python adds zeros to end of IP address (IPADDR type), which is not v...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: net-snmp
Version: 6.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Jan Safranek
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks: 1075802
TreeView+ depends on / blocked
 
Reported: 2014-05-22 02:52 UTC by Yoshifumi Kinoshita
Modified: 2018-12-06 16:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Net-SNMP python binding used wrong size for variables of IPADDRESS type, 8 bytes instead of 4. Consequence: Applications using Net-SNMP Python bindings could send malformed SNMP messages. Fix: The bindings now use 4 bytes for variables with IPADRESS type. Result: Applications send valid SNMP messages.
Clone Of:
: 1252034 (view as bug list)
Environment:
Last Closed: 2015-07-22 07:22:40 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1385 normal SHIPPED_LIVE Moderate: net-snmp security and bug fix update 2015-07-20 18:07:39 UTC

Description Yoshifumi Kinoshita 2014-05-22 02:52:23 UTC
Description of problem:

  net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid.
  This bug report is copied from http://sourceforge.net/p/net-snmp/bugs/2436/

Version-Release number of selected component (if applicable):

  net-snmp-python-5.5-49.el6_5.1.x86_64

How reproducible:

  Always

Steps to Reproduce:
1. Create test script like this.
--- snmp_test.py
#!/bin/env python

import netsnmp

# this is only performing the IP function for the purposes of seeing the invalid IP address via tcpdump
oid = netsnmp.Varbind('.1.3.6.1.4.1.9.9.96.1.1.1.1', '5.50', '192.168.0.1', 'IPADDR')
result = netsnmp.snmpset(oid, Version = 2, DestHost = '192.168.0.254', Community = "secret")
print result


2. Run tcpdump for the packet capturing.

  # tcpdump -i any -s0 -w snmp.pcap  port 161

3. Run the script.

  # python snmp_test.py


Actual results:

The captured packet looks like this.
0000   04 06 73 65 63 72 65 74 a3 2a 02 04 09 c9 03 ba  ..secret.*......
0010   02 01 00 02 01 00 30 1c 30 1a 06 0e 2b 06 01 04  ......0.0...+...
0020   01 09 09 60 01 01 01 01 05 32 40 08 c0 a8 00 01  ...`.....2@.....
0030   00 00 00 00                                      ....

Type: 0x40
Length: 0x08
Value: "c0 a8 00 01 00 00 00 00" => 192.168.0.1.0.0.0.0



Expected results:

The packet should be like this.
0000   04 06 73 65 63 72 65 74 a3 2a 02 04 09 c9 03 ba  ..secret.*......
0010   02 01 00 02 01 00 30 1c 30 1a 06 0e 2b 06 01 04  ......0.0...+...
0020   01 09 09 60 01 01 01 01 05 32 40 04 c0 a8 00 01  ...`.....2@.....

Type: 0x40
Length: 0x04
Value: "c0 a8 00 01" => 192.168.0.1


Additional info:

  I verified the reproducer duplicates the bug on my RHEL6 successfully.

Comment 8 errata-xmlrpc 2015-07-22 07:22:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1385.html


Note You need to log in before you can comment on or make changes to this bug.