pkgsrc/net/net-snmp/patches/patch-agent_snmp__agent.c


$NetBSD: patch-agent_snmp__agent.c,v 1.1 2014/01/26 21:33:06 spz Exp $
patch for CVE-2012-6151 from
http://sourceforge.net/p/net-snmp/patches/_discuss/thread/36675011/e98b/attachment/alt-cancel-next-walk-v2.patch
--- agent/snmp_agent.c.orig 2012-10-09 22:28:58.000000000 +0000
+++ agent/snmp_agent.c
@@ -1409,6 +1409,7 @@ init_agent_snmp_session(netsnmp_session
asp->treecache_num = -1;
asp->treecache_len = 0;
asp->reqinfo = SNMP_MALLOC_TYPEDEF(netsnmp_agent_request_info);
+ asp->flags = SNMP_AGENT_FLAGS_NONE;
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p created\n",
asp, asp->reqinfo));
@@ -1458,6 +1459,9 @@ netsnmp_check_for_delegated(netsnmp_agen
if (NULL == asp->treecache)
return 0;
+ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS)
+ return 0;
+
for (i = 0; i <= asp->treecache_num; i++) {
for (request = asp->treecache[i].requests_begin; request;
request = request->next) {
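Review bot: The new `SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS` test returns 0 with no comment saying why, and the same flag test added to check_delayed_request in the last hunk is equally unexplained. In the hunks shown, the flag is set in netsnmp_remove_delegated_requests_for_session and never cleared, so it appears to be a one-way latch for the life of the session; that is worth stating in the code. I would add above the test `/* session is being cancelled: report it as having no delegated requests */`, and a matching one-liner above the `break` in check_delayed_request. The body of netsnmp_check_for_delegated continues outside this hunk.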
@@ -1535,39 +1539,48 @@ int
netsnmp_remove_delegated_requests_for_session(netsnmp_session *sess)
{
netsnmp_agent_session *asp;
- int count = 0;
+ int total_count = 0;
for (asp = agent_delegated_list; asp; asp = asp->next) {
/*
* check each request
*/
+ int i;
+ int count = 0;
netsnmp_request_info *request;
- for(request = asp->requests; request; request = request->next) {
- /*
- * check session
- */
- netsnmp_assert(NULL!=request->subtree);
- if(request->subtree->session != sess)
- continue;
-
- /*
- * matched! mark request as done
- */
- netsnmp_request_set_error(request, SNMP_ERR_GENERR);
- ++count;
+ for (i = 0; i <= asp->treecache_num; i++) {
+ for(request = asp->requests; request;
+ request = request->next) {
+ /*
+ * check session
+ */
+ netsnmp_assert(NULL!=request->subtree);
+ if(request->subtree->session != sess)
+ continue;
+
+ /*
+ * matched! mark request as done
+ */
+ netsnmp_request_set_error(request, SNMP_ERR_GENERR);
+ ++count;
+ }
+ }
+ if (count) {
+ asp->flags |= SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS;
+ total_count += count;
}
}
/*
* if we found any, that request may be finished now
*/
- if(count) {
+ if(total_count) {
DEBUGMSGTL(("snmp_agent", "removed %d delegated request(s) for session "
- "%8p\n", count, sess));
- netsnmp_check_outstanding_agent_requests();
+ "%8p\n", total_count, sess));
+ netsnmp_check_delegated_requests();
}
- return count;
+ return total_count;
}
int
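Review bot: The inner loop still walks `asp->requests` and never uses `i`, so the new outer `for (i = 0; i <= asp->treecache_num; i++)` only repeats the same pass. If a session on the delegated list still has `treecache_num` at the -1 assigned in init_agent_snmp_session, the body never runs and nothing is cancelled for it; with N+1 cache entries each match is set to SNMP_ERR_GENERR and counted N+1 times, inflating the logged and returned total. It looks as if the loop was meant to mirror netsnmp_check_for_delegated, i.e. `for (request = asp->treecache[i].requests_begin; request;`, preceded by the same `NULL == asp->treecache` guard. Since this function is the cancellation path the CVE-2012-6151 fix depends on, it should be compared against the upstream commit before the patch ships.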
@@ -2739,13 +2752,8 @@ handle_var_requests(netsnmp_agent_sessio
return final_status;
}
-/*
- * loop through our sessions known delegated sessions and check to see
- * if they've completed yet. If there are no more delegated sessions,
- * check for and process any queued requests
- */
void
-netsnmp_check_outstanding_agent_requests(void)
+netsnmp_check_delegated_requests(void)
{
netsnmp_agent_session *asp, *prev_asp = NULL, *next_asp = NULL;
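Review bot: After the rename, netsnmp_check_delegated_requests has no header comment, because the block removed here is re-attached to the new wrapper in the next hunk. Something like `/* walk agent_delegated_list and finish the sessions whose delegated requests have completed */` would do, if that matches the body, most of which is outside this hunk. The function is also called from netsnmp_remove_delegated_requests_for_session, far earlier in the file, and no prototype is added in this file, so the call relies on a declaration in a header this patch does not show. If it is only used inside snmp_agent.c, a `static` forward declaration would keep it out of the exported symbols.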
@@ -2790,6 +2798,22 @@ netsnmp_check_outstanding_agent_requests
prev_asp = asp;
}
}
+}
+
+/*
+ * loop through our sessions known delegated sessions and check to see
+ * if they've completed yet. If there are no more delegated sessions,
+ * check for and process any queued requests
+ */
+void
+netsnmp_check_outstanding_agent_requests(void)
+{
+ netsnmp_agent_session *asp;
+
+ /*
+ * deal with delegated requests
+ */
+ netsnmp_check_delegated_requests();
/*
* if we are processing a set and there are more delegated
@@ -2819,7 +2843,8 @@ netsnmp_check_outstanding_agent_requests
netsnmp_processing_set = netsnmp_agent_queued_list;
DEBUGMSGTL(("snmp_agent", "SET request remains queued while "
- "delegated requests finish, asp = %8p\n", asp));
+ "delegated requests finish, asp = %8p\n",
+ agent_delegated_list));
break;
}
#endif /* NETSNMP_NO_WRITE_SUPPORT */
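Review bot: The debug line still labels the value `asp = %8p` but now prints `agent_delegated_list`, the head of the delegated list rather than a particular session, which will mislead anyone reading agent debug output during an incident. I would rename the label to match, e.g. `"delegated requests finish, delegated head = %8p\n",`. `%p` formally expects a `void *`, so `(void *)agent_delegated_list` would also be the stricter form, although the surrounding code does not cast either. The enclosing loop starts and ends outside this hunk.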
@@ -2880,6 +2905,10 @@ check_delayed_request(netsnmp_agent_sess
case SNMP_MSG_GETBULK:
case SNMP_MSG_GETNEXT:
netsnmp_check_all_requests_status(asp, 0);
+ if (asp->flags & SNMP_AGENT_FLAGS_CANCEL_IN_PROGRESS) {
+ DEBUGMSGTL(("snmp_agent","canceling next walk for asp %p\n", asp));
+ break;
+ }
handle_getnext_loop(asp);
if (netsnmp_check_for_delegated(asp) &&
netsnmp_check_transaction_id(asp->pdu->transid) !=