Hide Forgot
Description of problem: When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup. Version-Release number of selected component (if applicable): net-snmp-5.8-17.el8.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign). 2. Start snmpd. 3. Actual results: [root@localhost tls]# systemctl status snmpd.service ● snmpd.service - Simple Network Management Protocol (SNMP) Daemon. Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled) Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV) Main PID: 53269 (code=dumped, signal=SEGV) Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon.... Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'. Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon.. Expected results: Deamon starts without a crash. Additional info: Fix available here: https://github.com/net-snmp/net-snmp/pull/234
Backport to v5.9: https://github.com/net-snmp/net-snmp/pull/236
Two fixes were attempted, final patches look like this: https://github.com/net-snmp/net-snmp/commit/9d001c34196df47526260441af35a509a325e41f.diff https://github.com/net-snmp/net-snmp/commit/4c5d2ceae4d4a8b77db48fc8fff77e14943ff4d3.diff https://github.com/net-snmp/net-snmp/commit/bb30f8ee0075750fd3648a6bf3fab543f46152ed.diff https://github.com/net-snmp/net-snmp/commit/969226ea501b92e1a2ed427bc1a46f18ef2890b7.diff
Moving to RHEL-8.5
Quick ping on this one - fix has been released here: https://github.com/net-snmp/net-snmp/releases/tag/v5.9.1.rc1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (net-snmp bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2021:4439