|
 |
d81ece |
diff -urNp x/agent/snmp_agent.c y/agent/snmp_agent.c
|
|
|
d81ece |
--- x/agent/snmp_agent.c 2019-09-12 10:07:52.536297633 +0200
|
|
|
d81ece |
+++ y/agent/snmp_agent.c 2019-09-12 10:10:10.900666975 +0200
|
|
|
d81ece |
@@ -1428,6 +1428,13 @@ free_agent_snmp_session(netsnmp_agent_se
|
|
|
d81ece |
|
|
|
d81ece |
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
|
|
|
d81ece |
asp, asp->reqinfo));
|
|
|
d81ece |
+
|
|
|
d81ece |
+ /* Clean up securityStateRef here to prevent a double free */
|
|
|
d81ece |
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
|
|
|
d81ece |
+ snmp_free_securityStateRef(asp->orig_pdu);
|
|
|
d81ece |
+ if (asp->pdu && asp->pdu->securityStateRef)
|
|
|
d81ece |
+ snmp_free_securityStateRef(asp->pdu);
|
|
|
d81ece |
+
|
|
|
d81ece |
if (asp->orig_pdu)
|
|
|
d81ece |
snmp_free_pdu(asp->orig_pdu);
|
|
|
d81ece |
if (asp->pdu)
|
|
|
d81ece |
diff -urNp x/include/net-snmp/pdu_api.h y/include/net-snmp/pdu_api.h
|
|
|
d81ece |
--- x/include/net-snmp/pdu_api.h 2019-09-12 10:07:52.548297751 +0200
|
|
|
d81ece |
+++ y/include/net-snmp/pdu_api.h 2019-09-12 10:11:26.562411701 +0200
|
|
|
d81ece |
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
|
|
|
d81ece |
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
|
|
|
d81ece |
NETSNMP_IMPORT
|
|
|
d81ece |
void snmp_free_pdu( netsnmp_pdu *pdu);
|
|
|
d81ece |
+NETSNMP_IMPORT
|
|
|
d81ece |
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
|
|
|
d81ece |
|
|
|
d81ece |
#ifdef __cplusplus
|
|
|
d81ece |
}
|
|
|
d81ece |
diff -urNp x/snmplib/snmp_api.c y/snmplib/snmp_api.c
|
|
|
d81ece |
--- x/snmplib/snmp_api.c 2019-09-12 10:07:52.570297968 +0200
|
|
|
d81ece |
+++ y/snmplib/snmp_api.c 2019-09-13 08:53:53.734689426 +0200
|
|
|
d81ece |
@@ -3837,6 +3837,42 @@ snmpv3_parse(netsnmp_pdu *pdu,
|
|
|
d81ece |
return SNMPERR_SUCCESS;
|
|
|
d81ece |
} /* end snmpv3_parse() */
|
|
|
d81ece |
|
|
|
d81ece |
+static void
|
|
|
d81ece |
+free_securityStateRef(netsnmp_pdu* pdu)
|
|
|
d81ece |
+{
|
|
|
d81ece |
+ struct snmp_secmod_def *sptr;
|
|
|
d81ece |
+
|
|
|
d81ece |
+ if(!pdu->securityStateRef)
|
|
|
d81ece |
+ return;
|
|
|
d81ece |
+
|
|
|
d81ece |
+ sptr = find_sec_mod(pdu->securityModel);
|
|
|
d81ece |
+ if (sptr) {
|
|
|
d81ece |
+ if (sptr->pdu_free_state_ref) {
|
|
|
d81ece |
+ (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
|
|
d81ece |
+ } else {
|
|
|
d81ece |
+ snmp_log(LOG_ERR,
|
|
|
d81ece |
+ "Security Model %d can't free state references\n",
|
|
|
d81ece |
+ pdu->securityModel);
|
|
|
d81ece |
+ }
|
|
|
d81ece |
+ } else {
|
|
|
d81ece |
+ snmp_log(LOG_ERR,
|
|
|
d81ece |
+ "Can't find security model to free ptr: %d\n",
|
|
|
d81ece |
+ pdu->securityModel);
|
|
|
d81ece |
+ }
|
|
|
d81ece |
+ pdu->securityStateRef = NULL;
|
|
|
d81ece |
+}
|
|
|
d81ece |
+
|
|
|
d81ece |
+/*
|
|
|
d81ece |
+ * This function is here to provide a separate call to
|
|
|
d81ece |
+ * free the securityStateRef memory. This is needed to prevent
|
|
|
d81ece |
+ * a double free if this memory is freed in snmp_free_pdu.
|
|
|
d81ece |
+ */
|
|
|
d81ece |
+void
|
|
|
d81ece |
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
|
|
|
d81ece |
+{
|
|
|
d81ece |
+ free_securityStateRef(pdu);
|
|
|
d81ece |
+}
|
|
|
d81ece |
+
|
|
|
d81ece |
#define ERROR_STAT_LENGTH 11
|
|
|
d81ece |
|
|
|
d81ece |
int
|
|
|
d81ece |
@@ -3858,7 +3894,6 @@ snmpv3_make_report(netsnmp_pdu *pdu, int
|
|
|
d81ece |
oid *err_var;
|
|
|
d81ece |
int err_var_len;
|
|
|
d81ece |
int stat_ind;
|
|
|
d81ece |
- struct snmp_secmod_def *sptr;
|
|
|
d81ece |
|
|
|
d81ece |
switch (error) {
|
|
|
d81ece |
case SNMPERR_USM_UNKNOWNENGINEID:
|
|
|
d81ece |
@@ -3919,21 +3954,7 @@ snmpv3_make_report(netsnmp_pdu *pdu, int
|
|
|
d81ece |
* which cached values to use
|
|
|
d81ece |
*/
|
|
|
d81ece |
if (pdu->securityStateRef) {
|
|
|
d81ece |
- sptr = find_sec_mod(pdu->securityModel);
|
|
|
d81ece |
- if (sptr) {
|
|
|
d81ece |
- if (sptr->pdu_free_state_ref) {
|
|
|
d81ece |
- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Security Model %d can't free state references\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Can't find security model to free ptr: %d\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- pdu->securityStateRef = NULL;
|
|
|
d81ece |
+ free_securityStateRef(pdu);
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
if (error == SNMPERR_USM_NOTINTIMEWINDOW) {
|
|
|
d81ece |
@@ -5192,7 +5213,6 @@ _sess_process_packet(void *sessp, netsnm
|
|
|
d81ece |
struct session_list *slp = (struct session_list *) sessp;
|
|
|
d81ece |
netsnmp_pdu *pdu;
|
|
|
d81ece |
netsnmp_request_list *rp, *orp = NULL;
|
|
|
d81ece |
- struct snmp_secmod_def *sptr;
|
|
|
d81ece |
int ret = 0, handled = 0;
|
|
|
d81ece |
|
|
|
d81ece |
DEBUGMSGTL(("sess_process_packet",
|
|
|
d81ece |
@@ -5262,21 +5282,7 @@ _sess_process_packet(void *sessp, netsnm
|
|
|
d81ece |
* Call the security model to free any securityStateRef supplied w/ msg.
|
|
|
d81ece |
*/
|
|
|
d81ece |
if (pdu->securityStateRef != NULL) {
|
|
|
d81ece |
- sptr = find_sec_mod(pdu->securityModel);
|
|
|
d81ece |
- if (sptr != NULL) {
|
|
|
d81ece |
- if (sptr->pdu_free_state_ref != NULL) {
|
|
|
d81ece |
- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Security Model %d can't free state references\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Can't find security model to free ptr: %d\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- pdu->securityStateRef = NULL;
|
|
|
d81ece |
+ free_securityStateRef(pdu);
|
|
|
d81ece |
}
|
|
|
d81ece |
snmp_free_pdu(pdu);
|
|
|
d81ece |
return -1;
|
|
|
d81ece |
@@ -5287,21 +5293,7 @@ _sess_process_packet(void *sessp, netsnm
|
|
|
d81ece |
* Call USM to free any securityStateRef supplied with the message.
|
|
|
d81ece |
*/
|
|
|
d81ece |
if (pdu->securityStateRef) {
|
|
|
d81ece |
- sptr = find_sec_mod(pdu->securityModel);
|
|
|
d81ece |
- if (sptr) {
|
|
|
d81ece |
- if (sptr->pdu_free_state_ref) {
|
|
|
d81ece |
- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Security Model %d can't free state references\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Can't find security model to free ptr: %d\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- pdu->securityStateRef = NULL;
|
|
|
d81ece |
+ free_securityStateRef(pdu);
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
for (rp = isp->requests; rp; orp = rp, rp = rp->next_request) {
|
|
|
d81ece |
@@ -5454,21 +5446,7 @@ _sess_process_packet(void *sessp, netsnm
|
|
|
d81ece |
*/
|
|
|
d81ece |
if (pdu != NULL && pdu->securityStateRef &&
|
|
|
d81ece |
pdu->command == SNMP_MSG_TRAP2) {
|
|
|
d81ece |
- sptr = find_sec_mod(pdu->securityModel);
|
|
|
d81ece |
- if (sptr) {
|
|
|
d81ece |
- if (sptr->pdu_free_state_ref) {
|
|
|
d81ece |
- (*sptr->pdu_free_state_ref) (pdu->securityStateRef);
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Security Model %d can't free state references\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- } else {
|
|
|
d81ece |
- snmp_log(LOG_ERR,
|
|
|
d81ece |
- "Can't find security model to free ptr: %d\n",
|
|
|
d81ece |
- pdu->securityModel);
|
|
|
d81ece |
- }
|
|
|
d81ece |
- pdu->securityStateRef = NULL;
|
|
|
d81ece |
+ free_securityStateRef(pdu);
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
if (!handled) {
|
|
|
d81ece |
diff -urNp x/snmplib/snmpusm.c y/snmplib/snmpusm.c
|
|
|
d81ece |
--- x/snmplib/snmpusm.c 2019-09-12 10:07:52.567297938 +0200
|
|
|
d81ece |
+++ y/snmplib/snmpusm.c 2019-09-12 10:57:52.780861077 +0200
|
|
|
d81ece |
@@ -206,16 +206,20 @@ usm_free_usmStateReference(void *old)
|
|
|
d81ece |
|
|
|
d81ece |
if (old_ref) {
|
|
|
d81ece |
|
|
|
d81ece |
- SNMP_FREE(old_ref->usr_name);
|
|
|
d81ece |
- SNMP_FREE(old_ref->usr_engine_id);
|
|
|
d81ece |
- SNMP_FREE(old_ref->usr_auth_protocol);
|
|
|
d81ece |
- SNMP_FREE(old_ref->usr_priv_protocol);
|
|
|
d81ece |
+ if (old_ref->usr_name_length)
|
|
|
d81ece |
+ SNMP_FREE(old_ref->usr_name);
|
|
|
d81ece |
+ if (old_ref->usr_engine_id_length)
|
|
|
d81ece |
+ SNMP_FREE(old_ref->usr_engine_id);
|
|
|
d81ece |
+ if (old_ref->usr_auth_protocol_length)
|
|
|
d81ece |
+ SNMP_FREE(old_ref->usr_auth_protocol);
|
|
|
d81ece |
+ if (old_ref->usr_priv_protocol_length)
|
|
|
d81ece |
+ SNMP_FREE(old_ref->usr_priv_protocol);
|
|
|
d81ece |
|
|
|
d81ece |
- if (old_ref->usr_auth_key) {
|
|
|
d81ece |
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
|
|
|
d81ece |
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
|
|
|
d81ece |
SNMP_FREE(old_ref->usr_auth_key);
|
|
|
d81ece |
}
|
|
|
d81ece |
- if (old_ref->usr_priv_key) {
|
|
|
d81ece |
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
|
|
|
d81ece |
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
|
|
|
d81ece |
SNMP_FREE(old_ref->usr_priv_key);
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -946,7 +950,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
|
|
|
d81ece |
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_UNKNOWNSECURITYNAME;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -998,7 +1001,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
thePrivProtocolLength) == 1) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
|
|
|
d81ece |
theSecLevel));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1028,7 +1030,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
|
|
|
d81ece |
&seq_len, &msgSecParmLen) == -1) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1050,7 +1051,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
ptr = *wholeMsg = globalData;
|
|
|
d81ece |
if (theTotalLength > *wholeMsgLen) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1078,7 +1078,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
htonl(boots_uint), htonl(time_uint),
|
|
|
d81ece |
&ptr[privParamsOffset]) == -1) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1091,7 +1090,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
&ptr[privParamsOffset])
|
|
|
d81ece |
== -1)) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1104,7 +1102,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
&ptr[dataOffset], &encrypted_length)
|
|
|
d81ece |
!= SNMP_ERR_NOERROR) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "encryption error.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_ENCRYPTIONERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
#ifdef NETSNMP_ENABLE_TESTING_CODE
|
|
|
d81ece |
@@ -1132,7 +1129,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
if ((encrypted_length != (theTotalLength - dataOffset))
|
|
|
d81ece |
|| (salt_length != msgPrivParmLen)) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "encryption length error.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_ENCRYPTIONERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1268,7 +1264,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
|
|
|
d81ece |
if (temp_sig == NULL) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Out of memory.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1282,7 +1277,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
SNMP_ZERO(temp_sig, temp_sig_len);
|
|
|
d81ece |
SNMP_FREE(temp_sig);
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Signing failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1290,7 +1284,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
SNMP_ZERO(temp_sig, temp_sig_len);
|
|
|
d81ece |
SNMP_FREE(temp_sig);
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1304,7 +1297,6 @@ usm_generate_out_msg(int msgProcModel,
|
|
|
d81ece |
/*
|
|
|
d81ece |
* endif -- create keyed hash
|
|
|
d81ece |
*/
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
|
|
|
d81ece |
DEBUGMSGTL(("usm", "USM processing completed.\n"));
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1458,7 +1450,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
|
|
|
d81ece |
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Unknown User\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_UNKNOWNSECURITYNAME;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1511,7 +1502,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
|
|
|
d81ece |
theSecLevel));
|
|
|
d81ece |
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1544,7 +1534,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGMSGTL(("usm",
|
|
|
d81ece |
"couldn't malloc %d bytes for encrypted PDU\n",
|
|
|
d81ece |
(int)ciphertextlen));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_MALLOC;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1560,7 +1549,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
htonl(boots_uint), htonl(time_uint),
|
|
|
d81ece |
iv) == -1) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
SNMP_FREE(ciphertext);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1575,7 +1563,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
thePrivKeyLength - 8,
|
|
|
d81ece |
iv) == -1)) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
SNMP_FREE(ciphertext);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1594,7 +1581,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
scopedPdu, scopedPduLen,
|
|
|
d81ece |
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "encryption error.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
SNMP_FREE(ciphertext);
|
|
|
d81ece |
return SNMPERR_USM_ENCRYPTIONERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1614,7 +1600,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
ciphertext, ciphertextlen);
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Encryption failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
SNMP_FREE(ciphertext);
|
|
|
d81ece |
return SNMPERR_USM_ENCRYPTIONERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1654,7 +1639,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGINDENTLESS();
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building privParams failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1675,7 +1659,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGINDENTLESS();
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building authParams failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1698,7 +1681,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGINDENTLESS();
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building authParams failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1714,7 +1696,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm",
|
|
|
d81ece |
"building msgAuthoritativeEngineTime failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1730,7 +1711,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm",
|
|
|
d81ece |
"building msgAuthoritativeEngineBoots failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1742,7 +1722,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
DEBUGINDENTLESS();
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1755,7 +1734,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
*offset - sp_offset);
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1769,7 +1747,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1779,7 +1756,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
while ((*wholeMsgLen - *offset) < globalDataLen) {
|
|
|
d81ece |
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building global data failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
}
|
|
|
d81ece |
@@ -1795,7 +1771,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
ASN_CONSTRUCTOR), *offset);
|
|
|
d81ece |
if (rc == 0) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_TOO_LONG;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1813,7 +1788,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
|
|
|
d81ece |
if (temp_sig == NULL) {
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Out of memory.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_GENERICERROR;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1824,14 +1798,12 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
d81ece |
!= SNMP_ERR_NOERROR) {
|
|
|
d81ece |
SNMP_FREE(temp_sig);
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Signing failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
if (temp_sig_len != msgAuthParmLen) {
|
|
|
d81ece |
SNMP_FREE(temp_sig);
|
|
|
d81ece |
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
|
|
|
d81ece |
- usm_free_usmStateReference(secStateRef);
|
|
|
d81ece |
return SNMPERR_USM_AUTHENTICATIONFAILURE;
|
|
|
d81ece |
}
|
|
|
d81ece |
|
|
|
d81ece |
@@ -1842,7 +1814,6 @@ usm_rgenerate_out_msg(int msgProcModel,
|
|
|
aa44a8 |
/*
|
|
|
aa44a8 |
* endif -- create keyed hash
|
|
|
aa44a8 |
*/
|
|
|
aa44a8 |
- usm_free_usmStateReference(secStateRef);
|
|
|
aa44a8 |
DEBUGMSGTL(("usm", "USM processing completed.\n"));
|
|
|
aa44a8 |
return SNMPERR_SUCCESS;
|
|
|
aa44a8 |
} /* end usm_rgenerate_out_msg() */
|