From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>

Date: Fri, 12 Mar 2021 10:15:30 +0100

Subject: [PATCH] Prevent parsing IP address twice (#199)

This fixes issue, that is caused by parsing IP address twice.

First as IPv4 and as IPv6 at second, even thow the address was

properly parsed as a valid IPv4 address.

---

 snmplib/transports/snmpUDPDomain.c     |  2 +-

 snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-

 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c

index b96497f3a3..b594a389b9 100644

--- a/snmplib/transports/snmpUDPDomain.c

+++ b/snmplib/transports/snmpUDPDomain.c

@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)

             /* Nope, wasn't a dotted quad.  Must be a hostname. */

             int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);

             if (ret < 0) {

-                config_perror("cannot resolve source hostname");

+                config_perror("cannot resolve IPv4 source hostname");

                 return;

             }

         }

diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c

index 238c8a9d63..7db19c5c02 100644

--- a/snmplib/transports/snmpUDPIPv6Domain.c

+++ b/snmplib/transports/snmpUDPIPv6Domain.c

@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)

                 memset(&pton_addr.sin6_addr.s6_addr, '\0',

                        sizeof(struct in6_addr));

             } else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {

-                /* Nope, wasn't a numeric address. Must be a hostname. */

+                /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */

+

+                /* Try interpreting as dotted quad - IPv4 */

+                struct in_addr network;

+                if (inet_pton(AF_INET, sourcep, &network) > 0){

+                    /* Yes, it's IPv4 - so it's already parsed and we can return. */

+                    DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));

+                    return;

+                }

 #if HAVE_GETADDRINFO

                 int             gai_error;