Description of problem:
When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
Main PID: 53269 (code=dumped, signal=SEGV)
Dec 16 21:21:57 localhost systemd: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd: Failed to start Simple Network Management Protocol (SNMP) Daemon..
Deamon starts without a crash.
Fix available here:
Backport to v5.9:
Two fixes were attempted, final patches look like this:
Moving to RHEL-8.5
Quick ping on this one - fix has been released here:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.