Bug 53640 - Snmp dies on snmpset operation
Summary: Snmp dies on snmpset operation
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ucd-snmp
Version: 7.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-09-13 17:54 UTC by Joshua Giles
Modified: 2015-03-05 01:09 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2001-10-03 14:56:55 UTC

Attachments (Terms of Use)

Description Joshua Giles 2001-09-13 17:54:45 UTC
Description of Problem:

Snmp crashes on an snmpset command when the object instance does not exist
returning a "noSuchName(2)" error.

Version-Release number of selected component (if applicable):

How Reproducible:

Steps to Reproduce:
1. install ucd-snmp-4.2.1-7 rpm package with Redhat 7.2
2. execute the command "snmpset localhost public 
enterprises.674.10892. i 1"

Actual Results:
snmp dies

Expected Results:
snmp should correctly handle the situation of setting an MIB variable that 
does not exist

Additional Information:

Comment 1 Joshua Giles 2001-09-13 19:25:36 UTC
bash$ gdb /usr/sbin/snmpd

This is the gdb output and backtrace:

(gdb) r -f -L -s -l /dev/null -P /var/run/snmpd -a
Starting program: /usr/sbin/snmpd -f -L -s -l /dev/null -P /var/run/snmpd
(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...
UCD-SNMP version 4.2.1
[smux_accept] accepted fd 8 from
accepted smux peer: oid gZ0@?_?TQ5@@_?, password , descr Dell
OpenManage Server Agent
Received SNMP packet(s) from
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
__strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878, base=1074899065,
    at eval.c:36
36      eval.c: No such file or directory.
        in eval.c


(gdb) bt
#0  __strtol_internal (nptr=0x80c22f0 "", endptr=0x8134878,
base=1074899065, group=1073971726)
    at eval.c:36
#1  0x40038498 in handle_one_var () at eval.c:41
#2  0x40038248 in handle_var_list () at eval.c:41
#3  0x40038183 in handle_next_pass () at eval.c:41
#4  0x40037e3f in handle_snmp_packet () at eval.c:41
#5  0x400f799b in _sess_read () at eval.c:41
#6  0x400f7a10 in snmp_sess_read () at eval.c:41
#7  0x400f6dca in snmp_read () at eval.c:41
8  0x0804b2fb in SnmpdDump () at eval.c:41
#9  0x0804ac85 in SnmpdDump () at eval.c:41
#10 0x4023b507 in __libc_start_main (main=0x8049e50 <SnmpdDump+96>,
argc=9, ubp_av=0xbffff944,
    init=0x804960c <_init>, fini=0x804ba10 <_fini>, rtld_fini=0x4000dc14
    stack_end=0xbffff93c) at ../sysdeps/generic/libc-start.c:129

Comment 2 David Lawrence 2001-09-17 21:25:39 UTC
Changing product and component so proper person will see this bug report

Comment 3 David Lawrence 2001-09-17 21:26:06 UTC
Changing owner

Comment 4 Phil Knirsch 2001-09-21 11:04:33 UTC
I have tried to reproduce this bug with the latest packages (ucd-snmp-4.2.1-8,
which only fixes a testscript to 4.2.1-7) and with the exact procedure you
describe above it works fine. You still can't set the variable, but snmpd does
not segfault for me.

The base system is a Roswell2 beta, so i'd ask you to update your system,
especially glibc and kernel to these version and see if the problem still persits.

I am not sure if setting any variable is allowed at all for the standard snmpd
configuration, but as a rule of principle and from a security standpoint i'd say
it is by default disabled.

Read ya, Phil

Comment 5 Joshua Giles 2001-09-27 17:45:19 UTC
There is a bug in the ucd-snmp package 4.2.1-7(as noted below), you might need 
to enable write access in snmp.conf to get the segfault.  The patch is also 
listed below.  I believe the 4.2.2 package has the fix(not out yet), but soon 
it will be.  Can you post an updated ucd-snmp package @redhat so our system 
management guys can point to it if customers have any problems?

Joshua_Giles@dell.com wrote:

Yes!  This seems to fix the problem.  After doing a,

---localhost#>snmpset localhost public enterprises.674.10892. i 1

I get->

---Error in packet
---Reason: (genError) A general failure occure

And snmpd is still running, great!

Two questions,  when will this fix be incorporated?
And secondly, should a general failure error be reported or a
"noSuchName(2)" error be more appropriate?

Josh Giles

> Wes Hardaker wrote:
> > >>>>> On Wed, 26 Sep 2001 11:20:37 -0500, Joshua_Giles@Dell.com
> >
> > Joshua> Here is the tail-end of gdb after stepping through a couple
> > Joshua> functions(This happens on a set request)
> >
> > Joshua> 876                 return (*add_method)( asp, varbind_ptr
> > Joshua> (gdb)
> > Joshua> Cannot access memory at address 0x0
> >
> > Can you put a break point on line 876 and print the add_method
> > variable to see if it's NULL.
> >
> > Actually, I think I see the problem.  Try the following patch which
> > reverses a change from a while ago which is incorrect (it doesn't
> > implement a proper delegated handler, so it shouldn't be marked as
> >
> > Index: smux.c
> > ===================================================================
> > RCS file: /cvsroot/net-snmp/net-snmp/agent/mibgroup/smux/smux.c,v
> > retrieving revision 1.51
> > diff -u -r1.51 smux.c
> > --- smux.c      2001/03/27 10:39:00     1.51
> > +++ smux.c      2001/09/26 16:54:58
> > @@ -124,7 +124,7 @@
> >
> >  struct variable2 smux_variables[] = {
> >    /* bogus entry, as in pass.c */
> > +  {MIBINDEX, ASN_INTEGER, RWRITE, var_smux, 0, {MIBINDEX}},
> >  };
> >
> >
> >
> > --
> > Wes Hardaker
> > NAI Labs
> > Network Associates

Comment 6 Joshua Giles 2001-10-02 22:57:11 UTC

by default it is disabled, however for our mib browsers to change/update 
info ;it needs to be enabled, so this bug still stands.  The 4.2.2 release 
should be out Friday.  When will this release be incorporated?  Please send me 
the link of where the updated RedHat ucd-snmp rpm will be for download.

Note You need to log in before you can comment on or make changes to this bug.