Bug 53640 - Snmp dies on snmpset operation
Snmp dies on snmpset operation
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: ucd-snmp (Show other bugs)
7.2
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Phil Knirsch
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-09-13 13:54 EDT by Joshua Giles
Modified: 2015-03-04 20:09 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-10-03 10:56:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joshua Giles 2001-09-13 13:54:45 EDT
Description of Problem:

Snmp crashes on an snmpset command when the object instance does not exist
returning a "noSuchName(2)" error.

Version-Release number of selected component (if applicable):
ucd-snmp-4.2.1-7

How Reproducible:
100%

Steps to Reproduce:
1. install ucd-snmp-4.2.1-7 rpm package with Redhat 7.2
2. execute the command "snmpset localhost public 
enterprises.674.10892.1.1.1.1 i 1"


Actual Results:
snmp dies

Expected Results:
snmp should correctly handle the situation of setting an MIB variable that 
does not exist

Additional Information:
Comment 1 Joshua Giles 2001-09-13 15:25:36 EDT
bash$ gdb /usr/sbin/snmpd


This is the gdb output and backtrace:

(gdb) r -f -L -s -l /dev/null -P /var/run/snmpd -a
Starting program: /usr/sbin/snmpd -f -L -s -l /dev/null -P /var/run/snmpd
-a
(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...
UCD-SNMP version 4.2.1
[smux_accept] accepted fd 8 from 127.0.0.1:32944
accepted smux peer: oid gZ0@?_?TQ5@@_?, password , descr Dell
OpenManage Server Agent
Received SNMP packet(s) from 10.180.93.160
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
__strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878, base=1074899065,
group=1073971726)
    at eval.c:36
36      eval.c: No such file or directory.
        in eval.c

AND HERE IS THE BACKTRACE:

(gdb) bt
#0  __strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878,
base=1074899065, group=1073971726)
    at eval.c:36
#1  0x40038498 in handle_one_var () at eval.c:41
#2  0x40038248 in handle_var_list () at eval.c:41
#3  0x40038183 in handle_next_pass () at eval.c:41
#4  0x40037e3f in handle_snmp_packet () at eval.c:41
#5  0x400f799b in _sess_read () at eval.c:41
#6  0x400f7a10 in snmp_sess_read () at eval.c:41
#7  0x400f6dca in snmp_read () at eval.c:41
8  0x0804b2fb in SnmpdDump () at eval.c:41
#9  0x0804ac85 in SnmpdDump () at eval.c:41
#10 0x4023b507 in __libc_start_main (main=0x8049e50 <SnmpdDump+96>,
argc=9, ubp_av=0xbffff944,
    init=0x804960c <_init>, fini=0x804ba10 <_fini>, rtld_fini=0x4000dc14
<_dl_fini>,
    stack_end=0xbffff93c) at ../sysdeps/generic/libc-start.c:129



Comment 2 David Lawrence 2001-09-17 17:25:39 EDT
Changing product and component so proper person will see this bug report
Comment 3 David Lawrence 2001-09-17 17:26:06 EDT
Changing owner
Comment 4 Phil Knirsch 2001-09-21 07:04:33 EDT
I have tried to reproduce this bug with the latest packages (ucd-snmp-4.2.1-8,
which only fixes a testscript to 4.2.1-7) and with the exact procedure you
describe above it works fine. You still can't set the variable, but snmpd does
not segfault for me.

The base system is a Roswell2 beta, so i'd ask you to update your system,
especially glibc and kernel to these version and see if the problem still persits.

I am not sure if setting any variable is allowed at all for the standard snmpd
configuration, but as a rule of principle and from a security standpoint i'd say
it is by default disabled.

Read ya, Phil
Comment 5 Joshua Giles 2001-09-27 13:45:19 EDT
There is a bug in the ucd-snmp package 4.2.1-7(as noted below), you might need 
to enable write access in snmp.conf to get the segfault.  The patch is also 
listed below.  I believe the 4.2.2 package has the fix(not out yet), but soon 
it will be.  Can you post an updated ucd-snmp package @redhat so our system 
management guys can point to it if customers have any problems?



Joshua_Giles@dell.com wrote:


Yes!  This seems to fix the problem.  After doing a,

---localhost#>snmpset localhost public enterprises.674.10892.1.1.1.1 i 1

I get->

---Error in packet
---Reason: (genError) A general failure occure
---localhost#>

And snmpd is still running, great!

Two questions,  when will this fix be incorporated?
And secondly, should a general failure error be reported or a
"noSuchName(2)" error be more appropriate?


Thanks,
Josh Giles

>
> Wes Hardaker wrote:
>
> > >>>>> On Wed, 26 Sep 2001 11:20:37 -0500, Joshua_Giles@Dell.com
said:
> >
> > Joshua> Here is the tail-end of gdb after stepping through a couple
of
> > Joshua> functions(This happens on a set request)
> >
> > Joshua> 876                 return (*add_method)( asp, varbind_ptr
);
> > Joshua> (gdb)
> > Joshua> Cannot access memory at address 0x0
> >
> > Can you put a break point on line 876 and print the add_method
> > variable to see if it's NULL.
> >
> > Actually, I think I see the problem.  Try the following patch which
> > reverses a change from a while ago which is incorrect (it doesn't
> > implement a proper delegated handler, so it shouldn't be marked as
one).
> >
> > Index: smux.c
> > ===================================================================
> > RCS file: /cvsroot/net-snmp/net-snmp/agent/mibgroup/smux/smux.c,v
> > retrieving revision 1.51
> > diff -u -r1.51 smux.c
> > --- smux.c      2001/03/27 10:39:00     1.51
> > +++ smux.c      2001/09/26 16:54:58
> > @@ -124,7 +124,7 @@
> >
> >  struct variable2 smux_variables[] = {
> >    /* bogus entry, as in pass.c */
> > -  {MIBINDEX, ASN_PRIV_DELEGATED, RWRITE, var_smux, 0, {MIBINDEX}},
> > +  {MIBINDEX, ASN_INTEGER, RWRITE, var_smux, 0, {MIBINDEX}},
> >  };
> >
> >
> >
> > --
> > Wes Hardaker
> > NAI Labs
> > Network Associates
Comment 6 Joshua Giles 2001-10-02 18:57:11 EDT
Right,

by default it is disabled, however for our mib browsers to change/update 
info ;it needs to be enabled, so this bug still stands.  The 4.2.2 release 
should be out Friday.  When will this release be incorporated?  Please send me 
the link of where the updated RedHat ucd-snmp rpm will be for download.

Note You need to log in before you can comment on or make changes to this bug.