kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixed building on OS X 10.10; fixed CVE-2014-3565

Browse source
This commit is contained in:
adam 2014-11-26 15:45:03 +00:00
parent 86ed3ad265
commit e51bab2ec5
3 changed files with 443 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
net/net-snmp/Makefile
View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.108 2014/10/12 00:14:45 gdt Exp $
# $NetBSD: Makefile,v 1.109 2014/11/26 15:45:03 adam Exp $
.include "Makefile.common"
PKGREVISION= 2
PKGREVISION= 3
CATEGORIES= net
MAINTAINER= adam@NetBSD.org
@ -119,9 +119,10 @@ INSTALLATION_DIRS+= share/examples/net-snmp
post-extract:
.if ${OPSYS} == "DragonFly"
cp ${FILESDIR}/cpu_dragonfly.c ${WRKSRC}/agent/mibgroup/hardware/cpu/cpu_nlist.c
# XXX make it build on OS X 10.9 Mavericks; remove on the next update
# XXX make it build on OS X 10.9 and OS X 10.10; remove on the next update
.elif ${OPSYS} == "Darwin"
ln -s ${WRKSRC}/include/net-snmp/system/darwin12.h ${WRKSRC}/include/net-snmp/system/darwin13.h
ln -s ${WRKSRC}/include/net-snmp/system/darwin12.h ${WRKSRC}/include/net-snmp/system/darwin14.h
.endif
post-wrapper:

3
net/net-snmp/distinfo
View file

@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.82 2014/08/22 16:27:18 adam Exp $
$NetBSD: distinfo,v 1.83 2014/11/26 15:45:03 adam Exp $
SHA1 (net-snmp-5.7.2.1.tar.gz) = 815d4e5520a1ed96a27def33e7534b4190599f0f
RMD160 (net-snmp-5.7.2.1.tar.gz) = 129b74e70a5027749c766ea9cdb53a3c4a3cf40b
@ -33,3 +33,4 @@ SHA1 (patch-es) = 7336d905bac315f344f93664e4118332f88fb6ee
SHA1 (patch-include_net-snmp_agent_snmp__agent.h) = 2139d849b0ffe004a72f3276a98c0d2cb72dca18
SHA1 (patch-include_net-snmp_system_netbsd.h) = 7880fded678147b2cc75e035234b89727e213d00
SHA1 (patch-perl_agent_Makefile.PL) = 722380debeda1552b74b60ff91cea3cbbc716e74
SHA1 (patch-snmplib_mib.c) = 5177039d844d0e879f78fe7d714ef0385a56c7b7

437
net/net-snmp/patches/patch-snmplib_mib.c Normal file
View file

@ -0,0 +1,437 @@
$NetBSD: patch-snmplib_mib.c,v 1.1 2014/11/26 15:45:03 adam Exp $
Official patch for CVE-2014-3565:
Remote denial-of-service flaw was found in the way snmptrapd handled certain
SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap
containing variable with a NULL type where an integer variable type was
expected, it would cause snmptrapd to crash.
--- snmplib/mib.c.orig 2014-02-20 00:36:42.000000000 +0000
+++ snmplib/mib.c
@@ -464,17 +464,16 @@ sprint_realloc_octet_string(u_char ** bu
u_char *cp;
int output_format, cnt;
- if ((var->type != ASN_OCTET_STR) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- const char str[] = "Wrong Type (should be OCTET STRING): ";
- if (snmp_cstrcat
- (buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OCTET_STR) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ const char str[] = "Wrong Type (should be OCTET STRING): ";
+ if (!snmp_cstrcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
@@ -742,16 +741,16 @@ sprint_realloc_float(u_char ** buf, size
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE_FLOAT) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Float): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OPAQUE_FLOAT) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Float): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -812,17 +811,16 @@ sprint_realloc_double(u_char ** buf, siz
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE_DOUBLE) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat
- (buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Double): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OPAQUE_DOUBLE) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Double): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -887,20 +885,21 @@ sprint_realloc_counter64(u_char ** buf,
{
char a64buf[I64CHARSZ + 1];
- if ((var->type != ASN_COUNTER64
+ if (var->type != ASN_COUNTER64
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
&& var->type != ASN_OPAQUE_COUNTER64
&& var->type != ASN_OPAQUE_I64 && var->type != ASN_OPAQUE_U64
#endif
- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Counter64): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ ) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Counter64): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -988,23 +987,25 @@ sprint_realloc_opaque(u_char ** buf, siz
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_OPAQUE
+ if (var->type != ASN_OPAQUE
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
&& var->type != ASN_OPAQUE_COUNTER64
&& var->type != ASN_OPAQUE_U64
&& var->type != ASN_OPAQUE_I64
&& var->type != ASN_OPAQUE_FLOAT && var->type != ASN_OPAQUE_DOUBLE
#endif /* NETSNMP_WITH_OPAQUE_SPECIAL_TYPES */
- ) && (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- if (snmp_cstrcat(buf, buf_len, out_len, allow_realloc,
- "Wrong Type (should be Opaque): ")) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ ) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Opaque): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
+
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
switch (var->type) {
case ASN_OPAQUE_COUNTER64:
@@ -1080,17 +1081,16 @@ sprint_realloc_object_identifier(u_char
{
int buf_overflow = 0;
- if ((var->type != ASN_OBJECT_ID) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] =
- "Wrong Type (should be OBJECT IDENTIFIER): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_OBJECT_ID) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be OBJECT IDENTIFIER): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1150,16 +1150,16 @@ sprint_realloc_timeticks(u_char ** buf,
{
char timebuf[40];
- if ((var->type != ASN_TIMETICKS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be Timeticks): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_TIMETICKS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Timeticks): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_NUMERIC_TIMETICKS)) {
@@ -1298,17 +1298,18 @@ sprint_realloc_integer(u_char ** buf, si
{
char *enum_string = NULL;
- if ((var->type != ASN_INTEGER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be INTEGER): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_INTEGER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be INTEGER): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
+
for (; enums; enums = enums->next) {
if (enums->value == *var->val.integer) {
enum_string = enums->label;
@@ -1401,16 +1402,16 @@ sprint_realloc_uinteger(u_char ** buf, s
{
char *enum_string = NULL;
- if ((var->type != ASN_UINTEGER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be UInteger32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_UINTEGER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be UInteger32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
for (; enums; enums = enums->next) {
@@ -1498,17 +1499,16 @@ sprint_realloc_gauge(u_char ** buf, size
{
char tmp[32];
- if ((var->type != ASN_GAUGE) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] =
- "Wrong Type (should be Gauge32 or Unsigned32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_GAUGE) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Gauge32 or Unsigned32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1571,16 +1571,16 @@ sprint_realloc_counter(u_char ** buf, si
{
char tmp[32];
- if ((var->type != ASN_COUNTER) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be Counter32): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_COUNTER) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be Counter32): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1634,16 +1634,16 @@ sprint_realloc_networkaddress(u_char **
{
size_t i;
- if ((var->type != ASN_IPADDRESS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NetworkAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_IPADDRESS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NetworkAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1700,16 +1700,16 @@ sprint_realloc_ipaddress(u_char ** buf,
{
u_char *ip = var->val.string;
- if ((var->type != ASN_IPADDRESS) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be IpAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_IPADDRESS) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be IpAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1758,20 +1758,20 @@ sprint_realloc_null(u_char ** buf, size_
const struct enum_list *enums,
const char *hint, const char *units)
{
- if ((var->type != ASN_NULL) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NULL): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_NULL) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NULL): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
- } else {
- u_char str[] = "NULL";
- return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
}
+
+ u_char str[] = "NULL";
+ return snmp_strcat(buf, buf_len, out_len, allow_realloc, str);
}
@@ -1806,16 +1806,16 @@ sprint_realloc_bitstring(u_char ** buf,
u_char *cp;
char *enum_string;
- if ((var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be BITS): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_BIT_STR && var->type != ASN_OCTET_STR) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be BITS): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {
@@ -1890,16 +1890,16 @@ sprint_realloc_nsapaddress(u_char ** buf
const struct enum_list *enums, const char *hint,
const char *units)
{
- if ((var->type != ASN_NSAP) &&
- (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT))) {
- u_char str[] = "Wrong Type (should be NsapAddress): ";
- if (snmp_strcat(buf, buf_len, out_len, allow_realloc, str)) {
- return sprint_realloc_by_type(buf, buf_len, out_len,
+ if (var->type != ASN_NSAP) {
+ if (!netsnmp_ds_get_boolean(
+ NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICKE_PRINT)) {
+ u_char str[] = "Wrong Type (should be NsapAddress): ";
+ if (!snmp_strcat(buf, buf_len, out_len, allow_realloc, str))
+ return 0;
+ }
+ return sprint_realloc_by_type(buf, buf_len, out_len,
allow_realloc, var, NULL, NULL,
NULL);
- } else {
- return 0;
- }
}
if (!netsnmp_ds_get_boolean(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_QUICK_PRINT)) {