Description of Problem: Snmp crashes on an snmpset command when the object instance does not exist returning a "noSuchName(2)" error. Version-Release number of selected component (if applicable): ucd-snmp-4.2.1-7 How Reproducible: 100% Steps to Reproduce: 1. install ucd-snmp-4.2.1-7 rpm package with Redhat 7.2 2. execute the command "snmpset localhost public enterprises.674.10892.1.1.1.1 i 1" Actual Results: snmp dies Expected Results: snmp should correctly handle the situation of setting an MIB variable that does not exist Additional Information:
bash$ gdb /usr/sbin/snmpd This is the gdb output and backtrace: (gdb) r -f -L -s -l /dev/null -P /var/run/snmpd -a Starting program: /usr/sbin/snmpd -f -L -s -l /dev/null -P /var/run/snmpd -a (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)... UCD-SNMP version 4.2.1 [smux_accept] accepted fd 8 from 127.0.0.1:32944 accepted smux peer: oid gZ0@?_?TQ5@@_?, password , descr Dell OpenManage Server Agent Received SNMP packet(s) from 10.180.93.160 (no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. __strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878, base=1074899065, group=1073971726) at eval.c:36 36 eval.c: No such file or directory. in eval.c AND HERE IS THE BACKTRACE: (gdb) bt #0 __strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878, base=1074899065, group=1073971726) at eval.c:36 #1 0x40038498 in handle_one_var () at eval.c:41 #2 0x40038248 in handle_var_list () at eval.c:41 #3 0x40038183 in handle_next_pass () at eval.c:41 #4 0x40037e3f in handle_snmp_packet () at eval.c:41 #5 0x400f799b in _sess_read () at eval.c:41 #6 0x400f7a10 in snmp_sess_read () at eval.c:41 #7 0x400f6dca in snmp_read () at eval.c:41 8 0x0804b2fb in SnmpdDump () at eval.c:41 #9 0x0804ac85 in SnmpdDump () at eval.c:41 #10 0x4023b507 in __libc_start_main (main=0x8049e50 <SnmpdDump+96>, argc=9, ubp_av=0xbffff944, init=0x804960c <_init>, fini=0x804ba10 <_fini>, rtld_fini=0x4000dc14 <_dl_fini>, stack_end=0xbffff93c) at ../sysdeps/generic/libc-start.c:129
Changing product and component so proper person will see this bug report
Changing owner
I have tried to reproduce this bug with the latest packages (ucd-snmp-4.2.1-8, which only fixes a testscript to 4.2.1-7) and with the exact procedure you describe above it works fine. You still can't set the variable, but snmpd does not segfault for me. The base system is a Roswell2 beta, so i'd ask you to update your system, especially glibc and kernel to these version and see if the problem still persits. I am not sure if setting any variable is allowed at all for the standard snmpd configuration, but as a rule of principle and from a security standpoint i'd say it is by default disabled. Read ya, Phil
There is a bug in the ucd-snmp package 4.2.1-7(as noted below), you might need to enable write access in snmp.conf to get the segfault. The patch is also listed below. I believe the 4.2.2 package has the fix(not out yet), but soon it will be. Can you post an updated ucd-snmp package @redhat so our system management guys can point to it if customers have any problems? Joshua_Giles wrote: Yes! This seems to fix the problem. After doing a, ---localhost#>snmpset localhost public enterprises.674.10892.1.1.1.1 i 1 I get-> ---Error in packet ---Reason: (genError) A general failure occure ---localhost#> And snmpd is still running, great! Two questions, when will this fix be incorporated? And secondly, should a general failure error be reported or a "noSuchName(2)" error be more appropriate? Thanks, Josh Giles > > Wes Hardaker wrote: > > > >>>>> On Wed, 26 Sep 2001 11:20:37 -0500, Joshua_Giles said: > > > > Joshua> Here is the tail-end of gdb after stepping through a couple of > > Joshua> functions(This happens on a set request) > > > > Joshua> 876 return (*add_method)( asp, varbind_ptr ); > > Joshua> (gdb) > > Joshua> Cannot access memory at address 0x0 > > > > Can you put a break point on line 876 and print the add_method > > variable to see if it's NULL. > > > > Actually, I think I see the problem. Try the following patch which > > reverses a change from a while ago which is incorrect (it doesn't > > implement a proper delegated handler, so it shouldn't be marked as one). > > > > Index: smux.c > > =================================================================== > > RCS file: /cvsroot/net-snmp/net-snmp/agent/mibgroup/smux/smux.c,v > > retrieving revision 1.51 > > diff -u -r1.51 smux.c > > --- smux.c 2001/03/27 10:39:00 1.51 > > +++ smux.c 2001/09/26 16:54:58 > > @@ -124,7 +124,7 @@ > > > > struct variable2 smux_variables[] = { > > /* bogus entry, as in pass.c */ > > - {MIBINDEX, ASN_PRIV_DELEGATED, RWRITE, var_smux, 0, {MIBINDEX}}, > > + {MIBINDEX, ASN_INTEGER, RWRITE, var_smux, 0, {MIBINDEX}}, > > }; > > > > > > > > -- > > Wes Hardaker > > NAI Labs > > Network Associates
Right, by default it is disabled, however for our mib browsers to change/update info ;it needs to be enabled, so this bug still stands. The 4.2.2 release should be out Friday. When will this release be incorporated? Please send me the link of where the updated RedHat ucd-snmp rpm will be for download.