527364 – inconsistentName error for the oid with the number greater than 255

Bug 527364 - inconsistentName error for the oid with the number greater than 255

Summary: inconsistentName error for the oid with the number greater than 255

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	net-snmp
Sub Component:
Version:	5.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Safranek
QA Contact:	BaseOS QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-06 06:20 UTC by Masahiro Matsuya
Modified:	2018-10-27 14:09 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	668388 (view as bug list)
Environment:
Last Closed:	2010-03-30 08:29:17 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2010:0253	0	normal	SHIPPED_LIVE	net-snmp bug fix and enhancement update	2010-03-29 12:46:44 UTC

Description Masahiro Matsuya 2009-10-06 06:20:18 UTC

Description of problem:

When the snmpvacm command with createView for UCD-SNMP-MIB::memory is executed, 
inconsistentName error occurred.

# snmpvacm localhost -u readwrite -a MD5 -A authsecret -x DES -X privsecret -l authPriv createView vmini UCD-SNMP-MIB::memory
Error in packet.
Reason: inconsistentName (That object can not currently be created)
Failed object: SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyStatus."vmini".8.1.3.6.1.4.1.2021.4

Version-Release number of selected component (if applicable):

rhel 5.4 
net-snmp-5.3.2.2-7.el5

How reproducible:

always

Steps to Reproduce:

1. /etc/snmp/snmpd.conf
view        vall        included    .1
group       RWGroup     usm         readwrite
access      RWGroup     ""          any         priv    exact   vall    vall    none 

2. /var/net-snmp/snmpd.conf
createUser readwrite MD5 authsecret DES privsecret

3. # service snmpd restart

4. # snmpvacm localhost -u readwrite -a MD5 -A authsecret -x DES -X privsecret -l authPriv createView vmini UCD-SNMP-MIB::memory


Actual results:

Error in packet.
Reason: inconsistentName (That object can not currently be created)
Failed object: SNMP-VIEW-BASED-ACM-MIB::vacmViewTreeFamilyStatus."vmini".8.1.3.6.1.4.1.2021.4

Expected results:

View successfully created.

Additional info:

# snmptranslate -On UCD-SNMP-MIB::memory
.1.3.6.1.4.1.2021.4

When there is the number greater than 255 in the oid, it seems that view_parse_oid() returns SNMP_ERR_INCONSISTENTNAME.

------------------------
view_parse_oid(oid * oidIndex, size_t oidLen,
              unsigned char **viewName, size_t * viewNameLen,
              oid ** subtree, size_t * subtreeLen)
   ...
   for (i = 0; i < subtreeL; i++) {
       if (oidIndex[i + viewNameL + 1] > 255) {
           free(*viewName);
           free(*subtree);
           return SNMP_ERR_INCONSISTENTNAME;   <<=== Here!!
       }
       subtree[0][i] = (oid) oidIndex[i + viewNameL + 1];
   }


In this case, 2021 is greater than 255. So, view_parse_oid() returns SNMP_ERR_INCONSISTENTNAME, and this problem occurs. 


Then, according to /usr/share/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt,

==================================================
  -- Support for instance-level granularity is optional.
  --
  -- In some implementations, instance-level access control
  -- granularity may come at a high performance cost.  Managers
  -- should avoid requesting such configurations unnecessarily.

...

vacmViewTreeFamilyEntry OBJECT-TYPE
    SYNTAX       VacmViewTreeFamilyEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "Information on a particular family of view subtrees
                 included in or excluded from a particular SNMP
                 context's MIB view.
...
                 If a create for an entry for instance-level access
                 control is received and the implementation does not
                 support instance-level granularity, then an
                 inconsistentName error must be returned.
====================================================

not sure if this information is helpful.

Comment 1 Jan Safranek 2009-10-07 10:26:13 UTC

Thanks for detailed break-down, you pointed me directly to the correct place. The following check is really strange:

if (oidIndex[i + viewNameL + 1] > 255)


SVN log does not show anything useful, commit message contains "Bail out for bad snmpAdminString value" and I don't see any adminString around...

Comment 2 Jan Safranek 2009-10-07 12:53:22 UTC

I have just checked in fix upstream, SVN rev. 17791.

Comment 7 errata-xmlrpc 2010-03-30 08:29:17 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0253.html

Note You need to log in before you can comment on or make changes to this bug.