Blame SOURCES/net-snmp-5.7.2-sec-counter.patch

be70f2
diff -up net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076 net-snmp-5.7.2/include/net-snmp/library/snmpusm.h
be70f2
--- net-snmp-5.7.2/include/net-snmp/library/snmpusm.h.bz1809076	2020-03-02 14:11:34.000000000 +0100
be70f2
+++ net-snmp-5.7.2/include/net-snmp/library/snmpusm.h	2020-03-02 14:05:12.000000000 +0100
be70f2
@@ -34,6 +34,7 @@ extern          "C" {
be70f2
      * Structures.
be70f2
      */
be70f2
     struct usmStateReference {
be70f2
+        int             refcnt;
be70f2
         char           *usr_name;
be70f2
         size_t          usr_name_length;
be70f2
         u_char         *usr_engine_id;
be70f2
diff -up net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076 net-snmp-5.7.2/snmplib/snmp_client.c
be70f2
--- net-snmp-5.7.2/snmplib/snmp_client.c.bz1809076	2020-03-02 14:11:27.000000000 +0100
be70f2
+++ net-snmp-5.7.2/snmplib/snmp_client.c	2020-03-02 14:03:40.000000000 +0100
be70f2
@@ -391,27 +391,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
be70f2
         return NULL;
be70f2
     }
be70f2
 
be70f2
-    if (pdu != NULL && pdu->securityStateRef &&
be70f2
-        pdu->command == SNMP_MSG_TRAP2) {
be70f2
-
be70f2
-        ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
be70f2
-                (struct usmStateReference **) &newpdu->securityStateRef );
be70f2
-
be70f2
-        if (ret)
be70f2
-        {
be70f2
+    sptr = find_sec_mod(newpdu->securityModel);
be70f2
+    if (sptr && sptr->pdu_clone) {
be70f2
+        /* call security model if it needs to know about this */
be70f2
+        ret = sptr->pdu_clone(pdu, newpdu);
be70f2
+        if (ret) {
be70f2
             snmp_free_pdu(newpdu);
be70f2
             return 0;
be70f2
         }
be70f2
     }
be70f2
 
be70f2
-    if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
be70f2
-        sptr->pdu_clone != NULL) {
be70f2
-        /*
be70f2
-         * call security model if it needs to know about this 
be70f2
-         */
be70f2
-        (*sptr->pdu_clone) (pdu, newpdu);
be70f2
-    }
be70f2
-
be70f2
     return newpdu;
be70f2
 }
be70f2
 
be70f2
diff -up net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076 net-snmp-5.7.2/snmplib/snmpusm.c
be70f2
--- net-snmp-5.7.2/snmplib/snmpusm.c.bz1809076	2020-03-02 14:11:20.000000000 +0100
be70f2
+++ net-snmp-5.7.2/snmplib/snmpusm.c	2020-03-02 14:08:30.000000000 +0100
be70f2
@@ -192,43 +192,63 @@ free_enginetime_on_shutdown(int majorid,
be70f2
 struct usmStateReference *
be70f2
 usm_malloc_usmStateReference(void)
be70f2
 {
be70f2
-    struct usmStateReference *retval = (struct usmStateReference *)
be70f2
-        calloc(1, sizeof(struct usmStateReference));
be70f2
+    struct usmStateReference *retval;
be70f2
+
be70f2
+    retval = calloc(1, sizeof(struct usmStateReference));
be70f2
+    if (retval)
be70f2
+        retval->refcnt = 1;
be70f2
 
be70f2
     return retval;
be70f2
 }                               /* end usm_malloc_usmStateReference() */
be70f2
 
be70f2
+static int
be70f2
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
be70f2
+{
be70f2
+    struct usmStateReference *ref = pdu->securityStateRef;
be70f2
+    struct usmStateReference **new_ref =
be70f2
+        (struct usmStateReference **)&new_pdu->securityStateRef;
be70f2
+    int ret = 0;
be70f2
+
be70f2
+    if (!ref)
be70f2
+        return ret;
be70f2
+
be70f2
+    if (pdu->command == SNMP_MSG_TRAP2) {
be70f2
+        netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
be70f2
+        ret = usm_clone_usmStateReference(ref, new_ref);
be70f2
+    } else {
be70f2
+        netsnmp_assert(ref == *new_ref);
be70f2
+        ref->refcnt++;
be70f2
+    }
be70f2
+
be70f2
+    return ret;
be70f2
+}
be70f2
 
be70f2
 void
be70f2
 usm_free_usmStateReference(void *old)
be70f2
 {
be70f2
-    struct usmStateReference *old_ref = (struct usmStateReference *) old;
be70f2
+    struct usmStateReference *ref = old;
be70f2
 
be70f2
-    if (old_ref) {
be70f2
+    if (!ref)
be70f2
+        return;
be70f2
 
be70f2
-        if (old_ref->usr_name_length)
be70f2
-            SNMP_FREE(old_ref->usr_name);
be70f2
-        if (old_ref->usr_engine_id_length)
be70f2
-            SNMP_FREE(old_ref->usr_engine_id);
be70f2
-        if (old_ref->usr_auth_protocol_length)
be70f2
-            SNMP_FREE(old_ref->usr_auth_protocol);
be70f2
-        if (old_ref->usr_priv_protocol_length)
be70f2
-            SNMP_FREE(old_ref->usr_priv_protocol);
be70f2
-
be70f2
-        if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
be70f2
-            SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
be70f2
-            SNMP_FREE(old_ref->usr_auth_key);
be70f2
-        }
be70f2
-        if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
be70f2
-            SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
be70f2
-            SNMP_FREE(old_ref->usr_priv_key);
be70f2
-        }
be70f2
+    if (--ref->refcnt > 0)
be70f2
+        return;
be70f2
 
be70f2
-        SNMP_ZERO(old_ref, sizeof(*old_ref));
be70f2
-        SNMP_FREE(old_ref);
be70f2
+    SNMP_FREE(ref->usr_name);
be70f2
+    SNMP_FREE(ref->usr_engine_id);
be70f2
+    SNMP_FREE(ref->usr_auth_protocol);
be70f2
+    SNMP_FREE(ref->usr_priv_protocol);
be70f2
 
be70f2
+    if (ref->usr_auth_key_length && ref->usr_auth_key) {
be70f2
+        SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
be70f2
+        SNMP_FREE(ref->usr_auth_key);
be70f2
+    }
be70f2
+    if (ref->usr_priv_key_length && ref->usr_priv_key) {
be70f2
+        SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
be70f2
+        SNMP_FREE(ref->usr_priv_key);
be70f2
     }
be70f2
 
be70f2
+    SNMP_FREE(ref);
be70f2
 }                               /* end usm_free_usmStateReference() */
be70f2
 
be70f2
 struct usmUser *
be70f2
@@ -3184,6 +3204,7 @@ init_usm(void)
be70f2
     def->encode_reverse = usm_secmod_rgenerate_out_msg;
be70f2
     def->encode_forward = usm_secmod_generate_out_msg;
be70f2
     def->decode = usm_secmod_process_in_msg;
be70f2
+    def->pdu_clone = usm_clone;
be70f2
     def->pdu_free_state_ref = usm_free_usmStateReference;
be70f2
     def->session_setup = usm_session_init;
be70f2
     def->handle_report = usm_handle_report;