Bug 984661 - snmp_set_var_typed_value function for ASN_IPADDRESS sets wrong size
snmp_set_var_typed_value function for ASN_IPADDRESS sets wrong size
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: net-snmp (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Jan Safranek
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2013-07-15 12:13 EDT by Konstantin Volkov
Modified: 2013-08-12 09:42 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-12 09:42:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Konstantin Volkov 2013-07-15 12:13:04 EDT
Description of problem:

snmp_set_var_typed_value function for ASN_IPADDRESS sets wrong size

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Call snmp_set_var_typed_value() with ip address in args for ASN_IPADDRESS to build a trap
2. send the trap
3. sink cannot parse the packet

Actual results:

Expected results:

Additional info:
Previous version was OK (net-snmp-5.5-44.el6_4.1), net-snmp-5.5-ber-int-size.patch brokes the lib:

-        case ASN_OCTET_STR:
         case ASN_IPADDRESS:
+            if (vp->val_len != 4)
+                return -1;
+            /* fallthrough */
+        case ASN_OCTET_STR:
         case ASN_OPAQUE:
         case ASN_NSAP:
             if (vp->val_len < sizeof(vp->buf)) {

should be

if (vp->val_len != sizeof(in_addr_t))
Comment 2 Jan Safranek 2013-08-12 07:04:19 EDT
(In reply to Konstantin Volkov from comment #0)
> should be
> if (vp->val_len != sizeof(in_addr_t))

Pardon my ignorance, but on which architecture is sizeof(in_addr_t) != 4 ?
Comment 3 Konstantin Volkov 2013-08-12 09:24:23 EDT
Of cause, sizeof(in_addr_t) always = 4.

In our code we passed next:

u_long n = htonl(src_);
snmp_set_var_typed_value(&dst_, ASN_IPADDRESS, (u_char* )&n, sizeof(n));

and it works OK with previous net_snmp version.

My fault, please close.
Comment 4 Jan Safranek 2013-08-12 09:42:29 EDT
Thanks for the clarification, closing.

Note You need to log in before you can comment on or make changes to this bug.