diff --git a/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch b/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch new file mode 100644 index 0000000000000000000000000000000000000000..10ed2e4cf6eaa3c202c9f0d8c45773bfb7a2310e --- /dev/null +++ b/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch @@ -0,0 +1,33 @@ +From fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 28 Oct 2024 09:21:45 -0700 +Subject: [PATCH] libsnmp: Fix a buffer overflow in setup_engineID() + +See also https://github.com/net-snmp/net-snmp/issues/732. + +Conflict:NA +Reference:https://github.com/net-snmp/net-snmp/commit/fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 + +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index ebb9a9caef..f453ad8fbe 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -580,8 +580,13 @@ setup_engineID(u_char ** eidp, const char *text) + /* + * Allocate memory and store enterprise ID. + */ +- if ((bufp = (u_char *) calloc(1, len)) == NULL) { +- snmp_log_perror("setup_engineID malloc"); ++ if (len == 0) { ++ snmp_log(LOG_ERR, "%s(): len == 0\n", __func__); ++ return -1; ++ } ++ bufp = calloc(1, len); ++ if (bufp == NULL) { ++ snmp_log_perror("setup_engineID() calloc()"); + return -1; + } + if (localEngineIDType == ENGINEID_TYPE_NETSNMP_RND) +-- +2.33.0 + diff --git a/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch b/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch new file mode 100644 index 0000000000000000000000000000000000000000..20caa87a1398cdf72e9b2b339914cadc6d2f4404 --- /dev/null +++ b/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch @@ -0,0 +1,28 @@ +From 20879e824851a7a188eac50fd34aac04113d7432 Mon Sep 17 00:00:00 2001 +From: Niels Baggesen +Date: Thu, 1 Jun 2023 11:12:34 +0200 +Subject: [PATCH] snmplib: Handle two oldEngineID lines in snmpd.conf. Fixes + #578 + +Conflict:NA +Reference:https://github.com/net-snmp/net-snmp/commit/20879e824851a7a188eac50fd34aac04113d7432 + +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index 2dd527544f..be9256fa11 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -862,6 +862,11 @@ version_conf(const char *word, char *cptr) + void + oldengineID_conf(const char *word, char *cptr) + { ++ if (oldEngineID) { ++ free(oldEngineID); ++ oldEngineID = NULL; ++ oldEngineIDLength = 0; ++ } + read_config_read_octet_string(cptr, &oldEngineID, &oldEngineIDLength); + } + +-- +2.33.0 + diff --git a/net-snmp.spec b/net-snmp.spec index a21eee98057412df3f9a5d44c39753f156191c66..cc06032bc75a648b6e5c55ca8f78f93904a94a9f 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -3,7 +3,7 @@ Name: net-snmp Version: 5.9.1 -Release: 6 +Release: 7 Epoch: 1 Summary: SNMP Daemon License: BSD @@ -55,6 +55,8 @@ Patch38: backport-IF-MIB-IP-FORWARD-MIB-Improve-robustness.patch Patch39: backport-IF-MIB-Fix-a-recently-introduced-use-after-free.patch Patch40: backport-IF-MIB-Add-a-trailing-newline-to-an-error-message.patch Patch41: backport-CVE-2022-44792_CVE-2022-44793.patch +Patch42: backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch +Patch43: backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch %{?systemd_requires} BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel @@ -334,6 +336,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_mandir}/man1/fixproc* %changelog +* Tue Oct 29 2024 xingwei - 1:5.9.1-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Sync upstream patches to fix Buffer overflow + * Wed May 24 2023 xingwei - 1:5.9.1-6 - Type:bugfix - CVE:NA