|
 |
17a0ab |
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
|
|
|
17a0ab |
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
|
|
|
17a0ab |
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
|
|
|
17a0ab |
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
|
|
|
17a0ab |
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
|
|
|
17a0ab |
asp, asp->reqinfo));
|
|
|
17a0ab |
|
|
|
17a0ab |
- /* Clean up securityStateRef here to prevent a double free */
|
|
|
17a0ab |
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
|
|
|
17a0ab |
- snmp_free_securityStateRef(asp->orig_pdu);
|
|
|
17a0ab |
- if (asp->pdu && asp->pdu->securityStateRef)
|
|
|
17a0ab |
- snmp_free_securityStateRef(asp->pdu);
|
|
|
17a0ab |
-
|
|
|
17a0ab |
if (asp->orig_pdu)
|
|
|
17a0ab |
snmp_free_pdu(asp->orig_pdu);
|
|
|
17a0ab |
if (asp->pdu)
|
|
|
17a0ab |
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
|
|
|
17a0ab |
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
|
|
|
17a0ab |
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
|
|
|
17a0ab |
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
|
|
|
17a0ab |
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
|
|
|
17a0ab |
NETSNMP_IMPORT
|
|
|
17a0ab |
void snmp_free_pdu( netsnmp_pdu *pdu);
|
|
|
17a0ab |
-NETSNMP_IMPORT
|
|
|
17a0ab |
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
|
|
|
17a0ab |
|
|
|
17a0ab |
#ifdef __cplusplus
|
|
|
17a0ab |
}
|
|
|
17a0ab |
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
|
|
|
17a0ab |
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
|
|
|
17a0ab |
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
|
|
|
17a0ab |
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
|
|
|
17a0ab |
pdu->securityStateRef = NULL;
|
|
|
17a0ab |
}
|
|
|
17a0ab |
|
|
|
17a0ab |
-/*
|
|
|
17a0ab |
- * This function is here to provide a separate call to
|
|
|
17a0ab |
- * free the securityStateRef memory. This is needed to prevent
|
|
|
17a0ab |
- * a double free if this memory is freed in snmp_free_pdu.
|
|
|
17a0ab |
- */
|
|
|
17a0ab |
-void
|
|
|
17a0ab |
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
|
|
|
17a0ab |
-{
|
|
|
17a0ab |
- free_securityStateRef(pdu);
|
|
|
17a0ab |
-}
|
|
|
17a0ab |
-
|
|
|
17a0ab |
#define ERROR_STAT_LENGTH 11
|
|
|
17a0ab |
|
|
|
17a0ab |
int
|
|
|
17a0ab |
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
|
|
|
17a0ab |
if (!pdu)
|
|
|
17a0ab |
return;
|
|
|
17a0ab |
|
|
|
17a0ab |
+ free_securityStateRef(pdu);
|
|
|
17a0ab |
+
|
|
|
17a0ab |
/*
|
|
|
17a0ab |
* If the command field is empty, that probably indicates
|
|
|
17a0ab |
* that this PDU structure has already been freed.
|
|
|
17a0ab |
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
|
|
|
17a0ab |
}
|
|
|
17a0ab |
|
|
|
17a0ab |
if (ret != SNMP_ERR_NOERROR) {
|
|
|
17a0ab |
- /*
|
|
|
17a0ab |
- * Call the security model to free any securityStateRef supplied w/ msg.
|
|
|
17a0ab |
- */
|
|
|
17a0ab |
- if (pdu->securityStateRef != NULL) {
|
|
|
17a0ab |
- free_securityStateRef(pdu);
|
|
|
17a0ab |
- }
|
|
|
17a0ab |
snmp_free_pdu(pdu);
|
|
|
17a0ab |
return NULL;
|
|
|
17a0ab |
}
|
|
|
17a0ab |
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
|
|
|
17a0ab |
}
|
|
|
17a0ab |
}
|
|
|
17a0ab |
|
|
|
17a0ab |
- /*
|
|
|
17a0ab |
- * Call USM to free any securityStateRef supplied with the message.
|
|
|
17a0ab |
- */
|
|
|
17a0ab |
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
|
|
|
17a0ab |
- free_securityStateRef(pdu);
|
|
|
17a0ab |
-
|
|
|
17a0ab |
if (!handled) {
|
|
|
17a0ab |
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
|
|
|
17a0ab |
return -2;
|