RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1100099 - net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid
Summary: net-snmp-python adds zeros to end of IP address (IPADDR type), which is not v...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: net-snmp
Version: 6.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Jan Safranek
QA Contact: Dalibor Pospíšil
URL:
Whiteboard:
Depends On:
Blocks: 1075802
TreeView+ depends on / blocked
 
Reported: 2014-05-22 02:52 UTC by Yoshifumi Kinoshita
Modified: 2018-12-06 16:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Net-SNMP python binding used wrong size for variables of IPADDRESS type, 8 bytes instead of 4. Consequence: Applications using Net-SNMP Python bindings could send malformed SNMP messages. Fix: The bindings now use 4 bytes for variables with IPADRESS type. Result: Applications send valid SNMP messages.
Clone Of:
: 1252034 (view as bug list)
Environment:
Last Closed: 2015-07-22 07:22:40 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1385 0 normal SHIPPED_LIVE Moderate: net-snmp security and bug fix update 2015-07-20 18:07:39 UTC

Description Yoshifumi Kinoshita 2014-05-22 02:52:23 UTC 
Description of problem:

  net-snmp-python adds zeros to end of IP address (IPADDR type), which is not valid.
  This bug report is copied from http://sourceforge.net/p/net-snmp/bugs/2436/

Version-Release number of selected component (if applicable):

  net-snmp-python-5.5-49.el6_5.1.x86_64

How reproducible:

  Always

Steps to Reproduce:
1. Create test script like this.
--- snmp_test.py
#!/bin/env python

import netsnmp

# this is only performing the IP function for the purposes of seeing the invalid IP address via tcpdump
oid = netsnmp.Varbind('.1.3.6.1.4.1.9.9.96.1.1.1.1', '5.50', '192.168.0.1', 'IPADDR')
result = netsnmp.snmpset(oid, Version = 2, DestHost = '192.168.0.254', Community = "secret")
print result


2. Run tcpdump for the packet capturing.

  # tcpdump -i any -s0 -w snmp.pcap  port 161

3. Run the script.

  # python snmp_test.py


Actual results:

The captured packet looks like this.
0000   04 06 73 65 63 72 65 74 a3 2a 02 04 09 c9 03 ba  ..secret.*......
0010   02 01 00 02 01 00 30 1c 30 1a 06 0e 2b 06 01 04  ......0.0...+...
0020   01 09 09 60 01 01 01 01 05 32 40 08 c0 a8 00 01  ...`.....2@.....
0030   00 00 00 00                                      ....

Type: 0x40
Length: 0x08
Value: "c0 a8 00 01 00 00 00 00" => 192.168.0.1.0.0.0.0



Expected results:

The packet should be like this.
0000   04 06 73 65 63 72 65 74 a3 2a 02 04 09 c9 03 ba  ..secret.*......
0010   02 01 00 02 01 00 30 1c 30 1a 06 0e 2b 06 01 04  ......0.0...+...
0020   01 09 09 60 01 01 01 01 05 32 40 04 c0 a8 00 01  ...`.....2@.....

Type: 0x40
Length: 0x04
Value: "c0 a8 00 01" => 192.168.0.1


Additional info:

  I verified the reproducer duplicates the bug on my RHEL6 successfully.
Comment 8 errata-xmlrpc 2015-07-22 07:22:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1385.html
Note You need to log in before you can comment on or make changes to this bug.