rpms / net-snmp

Clone
Source Code
GIT

Blame SOURCES/net-snmp-5.8-sec-memory-leak.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5ab81883494d991e5779ab8e0d966ab1910c069b
  2.   SOURCES
  3.   net-snmp-5.8-sec-memory-leak.patch
Blob History Raw
be9ed9 
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
be9ed9 
--- a/agent/snmp_agent.c	2020-06-11 10:20:31.646339191 +0200
be9ed9 
+++ b/agent/snmp_agent.c	2020-06-11 10:23:41.178056889 +0200
be9ed9 
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
be9ed9 
     DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
be9ed9 
                 asp, asp->reqinfo));
be9ed9
be9ed9 
-    /* Clean up securityStateRef here to prevent a double free */
be9ed9 
-    if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
be9ed9 
-	snmp_free_securityStateRef(asp->orig_pdu);
be9ed9 
-    if (asp->pdu && asp->pdu->securityStateRef)
be9ed9 
-	snmp_free_securityStateRef(asp->pdu);
be9ed9 
-
be9ed9 
     if (asp->orig_pdu)
be9ed9 
         snmp_free_pdu(asp->orig_pdu);
be9ed9 
     if (asp->pdu)
be9ed9 
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
be9ed9 
--- a/include/net-snmp/pdu_api.h	2020-06-11 10:20:31.631339058 +0200
be9ed9 
+++ b/include/net-snmp/pdu_api.h	2020-06-11 10:24:17.261390028 +0200
be9ed9 
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
be9ed9 
 netsnmp_pdu    *snmp_fix_pdu(  netsnmp_pdu *pdu, int idx);
be9ed9 
 NETSNMP_IMPORT
be9ed9 
 void            snmp_free_pdu( netsnmp_pdu *pdu);
be9ed9 
-NETSNMP_IMPORT
be9ed9 
-void            snmp_free_securityStateRef( netsnmp_pdu *pdu);
be9ed9
be9ed9 
 #ifdef __cplusplus
be9ed9 
 }
be9ed9 
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
be9ed9 
--- a/snmplib/snmp_api.c	2020-06-11 10:20:31.695339627 +0200
be9ed9 
+++ b/snmplib/snmp_api.c	2020-06-11 10:33:55.510891945 +0200
be9ed9 
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
be9ed9 
     pdu->securityStateRef = NULL;
be9ed9 
 }
be9ed9
be9ed9 
-/*
be9ed9 
- * This function is here to provide a separate call to
be9ed9 
- * free the securityStateRef memory. This is needed to prevent
be9ed9 
- * a double free if this memory is freed in snmp_free_pdu.
be9ed9 
- */
be9ed9 
-void
be9ed9 
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
be9ed9 
-{
be9ed9 
-   free_securityStateRef(pdu);
be9ed9 
-}
be9ed9 
-
be9ed9 
 #define ERROR_STAT_LENGTH 11
be9ed9
be9ed9 
 int
be9ed9 
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
be9ed9 
     if (!pdu)
be9ed9 
         return;
be9ed9
be9ed9 
+    free_securityStateRef(pdu);
be9ed9 
+
be9ed9 
     /*
be9ed9 
      * If the command field is empty, that probably indicates
be9ed9 
      *   that this PDU structure has already been freed.
be9ed9 
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
be9ed9 
   }
be9ed9
be9ed9 
   if (ret != SNMP_ERR_NOERROR) {
be9ed9 
-    /*
be9ed9 
-     * Call the security model to free any securityStateRef supplied w/ msg.
be9ed9 
-     */
be9ed9 
-    if (pdu->securityStateRef != NULL) {
be9ed9 
-      free_securityStateRef(pdu);
be9ed9 
-    }
be9ed9 
     snmp_free_pdu(pdu);
be9ed9 
     return NULL;
be9ed9 
   }
be9ed9 
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
be9ed9 
     }
be9ed9 
   }
be9ed9
be9ed9 
-  /*
be9ed9 
-   * Call USM to free any securityStateRef supplied with the message.
be9ed9 
-   */
be9ed9 
-  if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
be9ed9 
-    free_securityStateRef(pdu);
be9ed9 
-
be9ed9 
   if (!handled) {
be9ed9 
     if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
be9ed9 
       return -2;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation