From b5c0fdf74959a843b13656bac4fa3550e8463263 Mon Sep 17 00:00:00 2001 From: xingwei Date: Tue, 29 Oct 2024 12:28:25 +0000 Subject: [PATCH] Sync upstream patches to fix Buffer overflow --- ...-a-buffer-overflow-in-setup_engineID.patch | 33 +++++++++++++++++++ ...wo-oldEngineID-lines-in-snmpd.conf.-.patch | 28 ++++++++++++++++ net-snmp.spec | 10 +++++- 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch create mode 100644 backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch diff --git a/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch b/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch new file mode 100644 index 0000000..10ed2e4 --- /dev/null +++ b/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch @@ -0,0 +1,33 @@ +From fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Mon, 28 Oct 2024 09:21:45 -0700 +Subject: [PATCH] libsnmp: Fix a buffer overflow in setup_engineID() + +See also https://github.com/net-snmp/net-snmp/issues/732. + +Conflict:NA +Reference:https://github.com/net-snmp/net-snmp/commit/fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 + +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index ebb9a9caef..f453ad8fbe 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -580,8 +580,13 @@ setup_engineID(u_char ** eidp, const char *text) + /* + * Allocate memory and store enterprise ID. + */ +- if ((bufp = (u_char *) calloc(1, len)) == NULL) { +- snmp_log_perror("setup_engineID malloc"); ++ if (len == 0) { ++ snmp_log(LOG_ERR, "%s(): len == 0\n", __func__); ++ return -1; ++ } ++ bufp = calloc(1, len); ++ if (bufp == NULL) { ++ snmp_log_perror("setup_engineID() calloc()"); + return -1; + } + if (localEngineIDType == ENGINEID_TYPE_NETSNMP_RND) +-- +2.33.0 + diff --git a/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch b/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch new file mode 100644 index 0000000..20caa87 --- /dev/null +++ b/backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch @@ -0,0 +1,28 @@ +From 20879e824851a7a188eac50fd34aac04113d7432 Mon Sep 17 00:00:00 2001 +From: Niels Baggesen +Date: Thu, 1 Jun 2023 11:12:34 +0200 +Subject: [PATCH] snmplib: Handle two oldEngineID lines in snmpd.conf. Fixes + #578 + +Conflict:NA +Reference:https://github.com/net-snmp/net-snmp/commit/20879e824851a7a188eac50fd34aac04113d7432 + +diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c +index 2dd527544f..be9256fa11 100644 +--- a/snmplib/snmpv3.c ++++ b/snmplib/snmpv3.c +@@ -862,6 +862,11 @@ version_conf(const char *word, char *cptr) + void + oldengineID_conf(const char *word, char *cptr) + { ++ if (oldEngineID) { ++ free(oldEngineID); ++ oldEngineID = NULL; ++ oldEngineIDLength = 0; ++ } + read_config_read_octet_string(cptr, &oldEngineID, &oldEngineIDLength); + } + +-- +2.33.0 + diff --git a/net-snmp.spec b/net-snmp.spec index 6ad12e3..c4d83af 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -3,7 +3,7 @@ Name: net-snmp Version: 5.9.3 -Release: 4 +Release: 5 Epoch: 1 Summary: SNMP Daemon License: BSD @@ -48,6 +48,8 @@ patch25: dump-space-around-the-equal-for-shellcheck-sc1068.patch Patch26: net-snmp-5.9.1-IdeaUI_antic_attack.patch Patch27: net-snmp-5.9.1-IdeaUI_reset_last_engineTime.patch Patch28: backport-Add-Linux-6.7-compatibility-parsing-proc-net-snmp.patch +Patch29: backport-snmplib-Handle-two-oldEngineID-lines-in-snmpd.conf.-.patch +Patch30: backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch %{?systemd_requires} BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel @@ -327,6 +329,12 @@ chmod 644 local/passtest %{_mandir}/man1/fixproc* %changelog +* Tue Oct 29 2024 xingwei - 1:5.9.3-5 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:Sync upstream patches to fix Buffer overflow + * Wed Sep 25 2024 xingwei - 1:5.9.3-4 - Type:bugfix - CVE:NA -- Gitee