Blame SOURCES/net-snmp-5.8-asn-parse-nlength.patch

abc426
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
abc426
From: Bart Van Assche <bvanassche@acm.org>
abc426
Date: Mon, 4 Jan 2021 12:21:59 -0800
abc426
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
abc426
abc426
Handle length zero correctly.
abc426
abc426
Fixes: https://github.com/net-snmp/net-snmp/issues/253
abc426
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
abc426
---
abc426
 snmplib/asn1.c | 2 +-
abc426
 1 file changed, 1 insertion(+), 1 deletion(-)
abc426
abc426
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
abc426
index e983500e7..33c272768 100644
abc426
--- a/snmplib/asn1.c
abc426
+++ b/snmplib/asn1.c
abc426
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
abc426
          * long length; first byte is length of length (after masking high bit)
abc426
          */
abc426
         len_len = (int) ((*pkt & ~0x80) + 1);
abc426
-        if ((int) pkt_len <= len_len )
abc426
+        if (pkt_len < len_len)
abc426
             return NULL;           /* still too short for length and data */
abc426
 
abc426
         /* now we know we have enough data to parse length */
abc426
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
abc426
From: Bart Van Assche <bvanassche@acm.org>
abc426
Date: Mon, 4 Jan 2021 10:00:33 -0800
abc426
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
abc426
 test
abc426
abc426
Add a reproducer for the bug fixed by the previous patch.
abc426
---
abc426
 .../unit-tests/T105trap_parse_clib.c          | 41 +++++++++++++++++++
abc426
 1 file changed, 41 insertions(+)
abc426
 create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
abc426
abc426
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
abc426
new file mode 100644
abc426
index 000000000..5c21ccdc7
abc426
--- /dev/null
abc426
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
abc426
@@ -0,0 +1,41 @@
abc426
+/* HEADER Parsing of an SNMP trap with no varbinds */
abc426
+netsnmp_pdu pdu;
abc426
+int rc;
abc426
+static u_char trap_pdu[] = {
abc426
+    /* Sequence with length of 0x2d = 45 bytes. */
abc426
+    [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
abc426
+    /* version = INTEGER 0 */
abc426
+    [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
abc426
+    /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
abc426
+    [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
abc426
+    [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
abc426
+    /* SNMP_MSG_TRAP; 32 bytes. */
abc426
+    [15] = 0xa4, [16] = 0x20,
abc426
+    /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
abc426
+    [17] = 0x06, [18] = 0x08,
abc426
+    [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
abc426
+    [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
abc426
+    /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
abc426
+    [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
abc426
+    [31] = 0x01, [32] = 0x22,
abc426
+    /* generic-trap = INTEGER 0 */
abc426
+    [33] = 0x02, [34] = 0x01, [35] = 0x00,
abc426
+    /* specific-trap = INTEGER 0 */
abc426
+    [36] = 0x02, [37] = 0x01, [38] = 0x00,
abc426
+    /* ASN_TIMETICKS 0x117f243a */
abc426
+    [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
abc426
+    [43] = 0x24, [44] = 0x3a,
abc426
+    /* varbind list */
abc426
+    [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
abc426
+};
abc426
+static size_t trap_pdu_length = sizeof(trap_pdu);
abc426
+netsnmp_session session;
abc426
+
abc426
+snmp_set_do_debugging(TRUE);
abc426
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
abc426
+memset(&session, 0, sizeof(session));
abc426
+snmp_sess_init(&session);
abc426
+memset(&pdu, 0, sizeof(pdu));
abc426
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
abc426
+
abc426
+OKF((rc == 0), ("Parsing of a trap PDU"));
abc426