import net-snmp-5.8-29.el8

c8-beta imports/c8-beta/net-snmp-5.8-29.el8
MSVSphere Packaging Team 9 months ago
commit ac72cc950b

1
.gitignore vendored

@ -0,0 +1 @@
SOURCES/net-snmp-5.8.tar.gz

@ -0,0 +1 @@
81654b086af051edbe7e03ba49672aa0c2ab1d38 SOURCES/net-snmp-5.8.tar.gz

@ -0,0 +1,41 @@
MIBs included in this software taken from IETF Documents are considered
Code Components in accordance with the IETF Trust License Policy, as found
here:
http://trustee.ietf.org/license-info/
They are available under the terms of the Simplified BSD license, a copy of
which is included below.
*****
Copyright (c) 2013 IETF Trust and the persons identified as authors of
the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
· Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
· Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
· Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS
IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

@ -0,0 +1,70 @@
diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c
--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100
+++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1571,7 +1577,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1592,7 +1598,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

@ -0,0 +1,10 @@
926223 - net-snmp: Does not support aarch64 in f19 and rawhide
Update autoconf version to make the test suite happy.
diff -up net-snmp-5.7.2/dist/autoconf-version.autoreconf net-snmp-5.7.2/dist/autoconf-version
--- net-snmp-5.7.2/dist/autoconf-version.autoreconf 2013-03-25 13:00:15.002745347 +0100
+++ net-snmp-5.7.2/dist/autoconf-version 2013-03-25 13:00:17.207736442 +0100
@@ -1 +1 @@
-2.68
+2.69

@ -0,0 +1,30 @@
1134475 - dependency in perl package
Use hardcoded path to configuration directories instead of net-snmp-config.
net-snmp-config is in net-snmp-devel package and we do not want net-snmp-perl
depending on -devel.
diff -up net-snmp-5.7.2/local/net-snmp-cert.cert-path net-snmp-5.7.2/local/net-snmp-cert
--- net-snmp-5.7.2/local/net-snmp-cert.cert-path 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/local/net-snmp-cert 2014-09-01 12:05:10.582427036 +0200
@@ -819,8 +819,7 @@ sub set_default {
sub cfg_path {
my $path;
- $path = `$NetSNMP::Cert::CFGTOOL --snmpconfpath`;
- chomp $path;
+ $path = "/etc/snmp:/usr/share/snmp:/usr/lib64/snmp:/home/jsafrane/.snmp:/var/lib/net-snmp";
return (wantarray ? split(':', $path) : $path);
}
@@ -1414,8 +1413,8 @@ sub checkReqs {
die("$NetSNMP::Cert::OPENSSL (v$ossl_ver): must be $ossl_min_ver or later")
if ($ossl_ver cmp $ossl_min_ver) < 0;
- die("$NetSNMP::Cert::CFGTOOL not found: please install")
- if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
+# die("$NetSNMP::Cert::CFGTOOL not found: please install")
+# if system("$NetSNMP::Cert::CFGTOOL > /dev/null 2>&1");
}
sub initOpts {

@ -0,0 +1,128 @@
diff -up net-snmp-5.7.2/agent/Makefile.in.pie net-snmp-5.7.2/agent/Makefile.in
--- net-snmp-5.7.2/agent/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/agent/Makefile.in 2012-10-18 09:45:13.298613099 +0200
@@ -294,7 +294,7 @@ getmibstat.o: mibgroup/kernel_sunos5.c
$(CC) $(CFLAGS) -o $@ -D_GETMIBSTAT_TEST -DDODEBUG -c $?
snmpd$(EXEEXT): ${LAGENTOBJS} $(USELIBS) $(AGENTLIB) $(HELPERLIB) $(MIBLIB) $(LIBTARG)
- $(LINK) $(CFLAGS) -o $@ ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
+ $(LINK) $(CFLAGS) -o $@ -pie ${LAGENTOBJS} ${LDFLAGS} ${OUR_AGENT_LIBS}
libnetsnmpagent.$(LIB_EXTENSION)$(LIB_VERSION): ${LLIBAGENTOBJS} $(USELIBS)
$(LIB_LD_CMD) $(AGENTLIB) ${LLIBAGENTOBJS} $(USELIBS) ${LAGENTLIBS} @LD_NO_UNDEFINED@ $(LDFLAGS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) @AGENTLIBS@
diff -up net-snmp-5.7.2/apps/Makefile.in.pie net-snmp-5.7.2/apps/Makefile.in
--- net-snmp-5.7.2/apps/Makefile.in.pie 2012-10-10 00:28:58.000000000 +0200
+++ net-snmp-5.7.2/apps/Makefile.in 2012-10-18 09:44:27.827774580 +0200
@@ -170,7 +170,7 @@ snmptest$(EXEEXT): snmptest.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
- $(LINK) ${CFLAGS} -o $@ $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/Makefile.in 2018-09-25 09:38:18.361298461 +0200
@@ -156,37 +156,37 @@ OTHERUNINSTALL=snmpinformuninstall snmpt
# build rules
#
snmpwalk$(EXEEXT): snmpwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkwalk$(EXEEXT): snmpbulkwalk.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkwalk.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpbulkget$(EXEEXT): snmpbulkget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpbulkget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptranslate$(EXEEXT): snmptranslate.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptranslate.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpstatus$(EXEEXT): snmpstatus.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpstatus.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpget$(EXEEXT): snmpget.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpget.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdelta$(EXEEXT): snmpdelta.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdelta.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptable$(EXEEXT): snmptable.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptable.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptest$(EXEEXT): snmptest.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptest.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptrapd$(EXEEXT): $(TRAPD_OBJECTS) $(USETRAPLIBS) $(INSTALLLIBS)
$(LINK) ${CFLAGS} -o $@ -pie $(TRAPD_OBJECTS) $(INSTALLLIBS) ${LDFLAGS} ${TRAPLIBS}
snmptrap$(EXEEXT): snmptrap.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptrap.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpinform$(EXEEXT): snmptrap$(EXEEXT)
rm -f snmpinform
@@ -197,34 +197,34 @@ snmptop$(EXEEXT): snmpps$(EXEEXT)
$(LN_S) snmpps$(EXEEXT) snmptop$(EXEEXT)
snmpset$(EXEEXT): snmpset.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpset.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpusm$(EXEEXT): snmpusm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpusm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpvacm$(EXEEXT): snmpvacm.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpvacm.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmptls$(EXEEXT): snmptls.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmptls.$(OSUFFIX) ${LDFLAGS} ${LIBS}
agentxtrap$(EXEEXT): agentxtrap.$(OSUFFIX) $(USEAGENTLIBS)
$(LINK) ${CFLAGS} -o $@ agentxtrap.$(OSUFFIX) ${LDFLAGS} $(USEAGENTLIBS) $(PERLLDOPTS_FOR_APPS) ${LIBS}
snmpgetnext$(EXEEXT): snmpgetnext.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpgetnext.$(OSUFFIX) ${LDFLAGS} ${LIBS}
encode_keychange$(EXEEXT): encode_keychange.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie encode_keychange.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpdf$(EXEEXT): snmpdf.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpdf.$(OSUFFIX) ${LDFLAGS} ${LIBS}
snmpps$(EXEEXT): snmpps.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
+ $(LINK) ${CFLAGS} -o $@ -pie snmpps.$(OSUFFIX) ${LDFLAGS} @LIBCURSES@ ${LIBS}
snmpping$(EXEEXT): snmpping.$(OSUFFIX) $(USELIBS)
- $(LINK) ${CFLAGS} -o $@ snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
+ $(LINK) ${CFLAGS} -o $@ -pie snmpping.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lm
snmppcap$(EXEEXT): snmppcap.$(OSUFFIX) $(USELIBS)
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
diff -urNp a/apps/snmpnetstat/Makefile.in b/apps/snmpnetstat/Makefile.in
--- a/apps/snmpnetstat/Makefile.in 2018-09-25 09:18:46.036239465 +0200
+++ b/apps/snmpnetstat/Makefile.in 2018-09-25 09:39:30.406458117 +0200
@@ -34,4 +34,4 @@ LIBS= ../../snmplib/libnetsnmp.$(LIB_EX
all: standardall
snmpnetstat$(EXEEXT): ${LOBJS} ${USELIBS}
- ${LINK} ${CFLAGS} -o $@ ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}
+ ${LINK} ${CFLAGS} -o $@ -pie ${LOBJS} ${LOCAL_LIBS} ${LDFLAGS} ${LIBS}

@ -0,0 +1,14 @@
diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c
--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200
+++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200
@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam
return 0; /* or -1 */
it = CONTAINER_ITERATOR( swrun_container );
+ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) {
+ if (0 == strcmp( entry->hrSWRunName, name ))
+ i++;
+ }
while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) {
if (0 == strcmp( entry->hrSWRunName, name ))
i++;

@ -0,0 +1,129 @@
From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:24 -0800
Subject: [PATCH 1/3] snmp_agent: disallow SET with NULL varbind
---
agent/snmp_agent.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 867d0c166f..3f678fe2df 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
return 1;
}
+static int
+check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
+{
+ int i;
+ netsnmp_variable_list *v = NULL;
+
+ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
+ if (v->type == ASN_NULL) {
+ /*
+ * Protect SET implementations that do not protect themselves
+ * against wrong type.
+ */
+ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
+ asp->index = i;
+ return SNMP_ERR_WRONGTYPE;
+ }
+ }
+ return SNMP_ERR_NOERROR;
+}
+
int
handle_pdu(netsnmp_agent_session *asp)
{
int status, inclusives = 0;
netsnmp_variable_list *v = NULL;
+#ifndef NETSNMP_NO_WRITE_SUPPORT
+ /*
+ * Check for ASN_NULL in SET request
+ */
+ if (asp->pdu->command == SNMP_MSG_SET) {
+ status = check_set_pdu_for_null_varbind(asp);
+ if (status != SNMP_ERR_NOERROR) {
+ return status;
+ }
+ }
+#endif /* NETSNMP_NO_WRITE_SUPPORT */
+
/*
* for illegal requests, mark all nodes as ASN_NULL
*/
From 7f4ac4051cc7fec6a5944661923acb95cec359c7 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 08:41:46 -0800
Subject: [PATCH 2/3] apps: snmpset: allow SET with NULL varbind for testing
---
apps/snmpset.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/apps/snmpset.c b/apps/snmpset.c
index 48e14bd513..d542713e1b 100644
--- a/apps/snmpset.c
+++ b/apps/snmpset.c
@@ -182,6 +182,7 @@ main(int argc, char *argv[])
case 'x':
case 'd':
case 'b':
+ case 'n': /* undocumented */
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
case 'I':
case 'U':
From 15f9d7f7e5b90c9b419832ed8e6413feb6570d83 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 25 Nov 2022 10:23:32 -0800
Subject: [PATCH 3/3] Add test for NULL varbind set
---
.../default/T0142snmpv2csetnull_simple | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple
diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple
new file mode 100644
index 0000000000..0f1b8f386b
--- /dev/null
+++ b/testing/fulltests/default/T0142snmpv2csetnull_simple
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+. ../support/simple_eval_tools.sh
+
+HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
+
+SKIPIF NETSNMP_DISABLE_SET_SUPPORT
+SKIPIF NETSNMP_NO_WRITE_SUPPORT
+SKIPIF NETSNMP_DISABLE_SNMPV2C
+SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
+
+#
+# Begin test
+#
+
+# standard V2C configuration: testcomunnity
+snmp_write_access='all'
+. ./Sv2cconfig
+STARTAGENT
+
+CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
+
+CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
+
+CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
+
+CHECK "Reason: wrongType"
+
+STOPAGENT
+
+FINISHED

@ -0,0 +1,12 @@
diff -urNp a/include/net-snmp/library/int64.h b/include/net-snmp/library/int64.h
--- a/include/net-snmp/library/int64.h 2018-07-18 14:37:16.543348832 +0200
+++ b/include/net-snmp/library/int64.h 2018-07-18 15:31:31.516999288 +0200
@@ -10,7 +10,7 @@ extern "C" {
* Note: using the U64 typedef is deprecated because this typedef conflicts
* with a typedef with the same name defined in the Perl header files.
*/
- typedef struct counter64 U64;
+// typedef struct counter64 U64;
#endif
#define I64CHARSZ 21

@ -0,0 +1,100 @@
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
modes correctly
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
configure | 15 ++++++++++++++-
configure.d/config_os_misc2 | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
$as_echo "Internal Crypto Support" >&6; }
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
AC_MSG_RESULT(Internal Crypto Support)
elif test "x$useopenssl" != "xno" ; then
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+ authmodes="MD5 SHA1"
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
+ authmodes="$authmodes SHA224 SHA256"
+ fi
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
+ authmodes="$authmodes SHA384 SHA512"
+ fi
if test "x$enable_privacy" != "xno" ; then
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
if test "x$enable_md5" = "xno"; then
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+ test "x$CRYPTO" = xinternal; then
+ encrmodes="$encrmodes AES128"
+ if test "x$aes_capable" = "xyes"; then
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+ fi
+fi
AC_SUBST(LNETSNMPLIBS)
AC_SUBST(LAGENTLIBS)
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
exit 1
fi
case $1 in
- DES|AES|AES128)
+ DES|AES|AES128|AES192|AES256)
Xalgorithm=$1
shift
;;
- des|aes|aes128)
+ des|aes|aes128|aes192|aes256)
Xalgorithm=`echo $1 | tr a-z A-Z`
shift
;;

@ -0,0 +1,122 @@
diff -urNp a/agent/agent_trap.c b/agent/agent_trap.c
--- a/agent/agent_trap.c 2019-02-13 13:10:36.862269252 +0100
+++ b/agent/agent_trap.c 2019-02-13 15:02:11.396042356 +0100
@@ -174,6 +174,11 @@ _trap_version_incr(int version)
case SNMP_VERSION_3:
++_v2_sessions;
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
@@ -201,6 +206,11 @@ _trap_version_decr(int version)
_v2_sessions = 0;
}
break;
+#ifdef USING_AGENTX_PROTOCOL_MODULE
+ case AGENTX_VERSION_1:
+ /* agentx registers in sinks, no need to count */
+ break;
+#endif
default:
snmp_log(LOG_ERR, "unknown snmp version %d\n", version);
}
diff -urNp old/agent/mibgroup/agentx/master.c new/agent/mibgroup/agentx/master.c
--- old/agent/mibgroup/agentx/master.c 2019-04-03 12:13:55.115769783 +0200
+++ new/agent/mibgroup/agentx/master.c 2019-04-10 09:49:53.277168497 +0200
@@ -280,6 +280,11 @@ agentx_got_response(int operation,
netsnmp_free_delegated_cache(cache);
return 0;
+ case NETSNMP_CALLBACK_OP_RESEND:
+ DEBUGMSGTL(("agentx/master", "resend on session %8p req=0x%x\n",
+ session, (unsigned)reqid));
+ return 0;
+
case NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE:
/*
* This session is alive
diff -urNp old/snmplib/snmp_api.c new/snmplib/snmp_api.c
--- old/snmplib/snmp_api.c 2019-04-24 00:28:34.904357292 +0200
+++ new/snmplib/snmp_api.c 2019-04-24 00:24:40.101830685 +0200
@@ -352,6 +352,7 @@ static int snmpv3_build(u_char ** p
netsnmp_pdu *pdu);
static int snmp_parse_version(u_char *, size_t);
static int snmp_resend_request(struct session_list *slp,
+ netsnmp_request_list *orp,
netsnmp_request_list *rp,
int incr_retries);
static void register_default_handlers(void);
@@ -5717,7 +5718,7 @@ _sess_process_packet_handle_pdu(void *se
* * inifinite resend
*/
if (rp->retries <= sp->retries) {
- snmp_resend_request(slp, rp, TRUE);
+ snmp_resend_request(slp, orp, rp, TRUE);
break;
} else {
/* We're done with retries, so no longer waiting for a response */
@@ -6662,9 +6663,22 @@ snmp_timeout(void)
snmp_res_unlock(MT_LIBRARY_ID, MT_LIB_SESSION);
}
+static void
+remove_request(struct snmp_internal_session *isp,
+ netsnmp_request_list *orp, netsnmp_request_list *rp)
+{
+ if (orp)
+ orp->next_request = rp->next_request;
+ else
+ isp->requests = rp->next_request;
+ if (isp->requestsEnd == rp)
+ isp->requestsEnd = orp;
+ snmp_free_pdu(rp->pdu);
+}
+
static int
-snmp_resend_request(struct session_list *slp, netsnmp_request_list *rp,
- int incr_retries)
+snmp_resend_request(struct session_list *slp, netsnmp_request_list *orp,
+ netsnmp_request_list *rp, int incr_retries)
{
struct snmp_internal_session *isp;
netsnmp_session *sp;
@@ -6731,9 +6745,11 @@ snmp_resend_request(struct session_list
sp->s_snmp_errno = SNMPERR_BAD_SENDTO;
sp->s_errno = errno;
snmp_set_detail(strerror(errno));
- if (rp->callback)
+ if (rp->callback) {
rp->callback(NETSNMP_CALLBACK_OP_SEND_FAILED, sp,
rp->pdu->reqid, rp->pdu, rp->cb_data);
+ remove_request(isp, orp, rp);
+ }
return -1;
} else {
netsnmp_get_monotonic_clock(&now);
@@ -6813,19 +6829,12 @@ snmp_sess_timeout(void *sessp)
callback(NETSNMP_CALLBACK_OP_TIMED_OUT, sp,
rp->pdu->reqid, rp->pdu, magic);
}
- if (orp)
- orp->next_request = rp->next_request;
- else
- isp->requests = rp->next_request;
- if (isp->requestsEnd == rp)
- isp->requestsEnd = orp;
- snmp_free_pdu(rp->pdu);
+ remove_request(isp, orp, rp);
freeme = rp;
continue; /* don't update orp below */
} else {
- if (snmp_resend_request(slp, rp, TRUE)) {
+ if (snmp_resend_request(slp, orp, rp, TRUE))
break;
- }
}
}
orp = rp;

@ -0,0 +1,12 @@
diff -urNp a/agent/mibgroup/agentx/master.c b/agent/mibgroup/agentx/master.c
--- a/agent/mibgroup/agentx/master.c 2018-07-18 12:13:49.953014652 +0200
+++ b/agent/mibgroup/agentx/master.c 2018-07-18 12:20:23.537626773 +0200
@@ -221,7 +221,7 @@ agentx_got_response(int operation,
/* response is too late, free the cache */
if (magic)
netsnmp_free_delegated_cache((netsnmp_delegated_cache*) magic);
- return 0;
+ return 1;
}
requests = cache->requests;

@ -0,0 +1,86 @@
From 92f0fe9e0dc3cf7ab6e8cc94d7962df83d0ddbec Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 12:21:59 -0800
Subject: [PATCH] libsnmp: Fix asn_parse_nlength()
Handle length zero correctly.
Fixes: https://github.com/net-snmp/net-snmp/issues/253
Fixes: a9850f4445cf ("asn parse: add NULL checks, check length lengths")
---
snmplib/asn1.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/snmplib/asn1.c b/snmplib/asn1.c
index e983500e7..33c272768 100644
--- a/snmplib/asn1.c
+++ b/snmplib/asn1.c
@@ -345,7 +345,7 @@ asn_parse_nlength(u_char *pkt, size_t pkt_len, u_long *data_len)
* long length; first byte is length of length (after masking high bit)
*/
len_len = (int) ((*pkt & ~0x80) + 1);
- if ((int) pkt_len <= len_len )
+ if (pkt_len < len_len)
return NULL; /* still too short for length and data */
/* now we know we have enough data to parse length */
From baef04f9c6fe0eb3ac74dd4d26a19264eeaf7fa1 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 4 Jan 2021 10:00:33 -0800
Subject: [PATCH] testing/fulltests/unit-tests/T105trap_parse_clib: Add this
test
Add a reproducer for the bug fixed by the previous patch.
---
.../unit-tests/T105trap_parse_clib.c | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/fulltests/unit-tests/T105trap_parse_clib.c
diff --git a/testing/fulltests/unit-tests/T105trap_parse_clib.c b/testing/fulltests/unit-tests/T105trap_parse_clib.c
new file mode 100644
index 000000000..5c21ccdc7
--- /dev/null
+++ b/testing/fulltests/unit-tests/T105trap_parse_clib.c
@@ -0,0 +1,41 @@
+/* HEADER Parsing of an SNMP trap with no varbinds */
+netsnmp_pdu pdu;
+int rc;
+static u_char trap_pdu[] = {
+ /* Sequence with length of 0x2d = 45 bytes. */
+ [ 0] = 0x30, [ 1] = 0x82, [ 2] = 0x00, [ 3] = 0x2d,
+ /* version = INTEGER 0 */
+ [ 4] = 0x02, [ 5] = 0x01, [ 6] = 0x00,
+ /* community = public (OCTET STRING 0x70 0x75 0x62 0x6c 0x69 0x63) */
+ [ 7] = 0x04, [ 8] = 0x06, [ 9] = 0x70, [10] = 0x75,
+ [11] = 0x62, [12] = 0x6c, [13] = 0x69, [14] = 0x63,
+ /* SNMP_MSG_TRAP; 32 bytes. */
+ [15] = 0xa4, [16] = 0x20,
+ /* enterprise = OBJECT IDENTIFIER .1.3.6.1.6.3.1.1.5 = snmpTraps */
+ [17] = 0x06, [18] = 0x08,
+ [19] = 0x2b, [20] = 0x06, [21] = 0x01, [22] = 0x06,
+ [23] = 0x03, [24] = 0x01, [25] = 0x01, [26] = 0x05,
+ /* agent-addr = ASN_IPADDRESS 192.168.1.34 */
+ [27] = 0x40, [28] = 0x04, [29] = 0xc0, [30] = 0xa8,
+ [31] = 0x01, [32] = 0x22,
+ /* generic-trap = INTEGER 0 */
+ [33] = 0x02, [34] = 0x01, [35] = 0x00,
+ /* specific-trap = INTEGER 0 */
+ [36] = 0x02, [37] = 0x01, [38] = 0x00,
+ /* ASN_TIMETICKS 0x117f243a */
+ [39] = 0x43, [40] = 0x04, [41] = 0x11, [42] = 0x7f,
+ [43] = 0x24, [44] = 0x3a,
+ /* varbind list */
+ [45] = 0x30, [46] = 0x82, [47] = 0x00, [48] = 0x00,
+};
+static size_t trap_pdu_length = sizeof(trap_pdu);
+netsnmp_session session;
+
+snmp_set_do_debugging(TRUE);
+debug_register_tokens("dumpv_recv,dumpv_send,asn,recv");
+memset(&session, 0, sizeof(session));
+snmp_sess_init(&session);
+memset(&pdu, 0, sizeof(pdu));
+rc = snmp_parse(NULL, &session, &pdu, trap_pdu, trap_pdu_length);
+
+OKF((rc == 0), ("Parsing of a trap PDU"));

@ -0,0 +1,199 @@
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntctl.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntctl.c 2018-07-18 16:15:46.782859398 +0200
@@ -43,8 +43,9 @@ _fsys_type( int type)
case MNT_NFS:
case MNT_NFS3:
- case MNT_AUTOFS:
return NETSNMP_FS_TYPE_NFS;
+ case MNT_AUTOFS:
+ return NETSNMP_FS_TYPE_AUTOFS;
/*
* The following code covers selected filesystems
@@ -156,10 +157,12 @@ netsnmp_fsys_arch_load( void )
/*
* Optionally skip retrieving statistics for remote mounts
+ * AUTOFS is skipped by default
*/
- if ( (entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
+ if ( ((entry->flags & NETSNMP_FS_FLAG_REMOTE) &&
netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
- NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
+ NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES)) ||
+ entry->type == (NETSNMP_FS_TYPE_AUTOFS))
continue;
if ( statfs( entry->path, &stat_buf ) < 0 ) {
diff -urNp b/agent/mibgroup/hardware/fsys/fsys_mntent.c net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c
--- b/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/fsys_mntent.c 2018-07-18 16:15:46.782859398 +0200
@@ -150,6 +150,13 @@ _fsys_type( char *typename )
!strcmp(typename, MNTTYPE_LOFS))
return NETSNMP_FS_TYPE_OTHER;
+ /* Detection of AUTOFS.
+ * This file system will be ignored by default
+ */
+ else if ( !strcmp(typename, MNTTYPE_AUTOFS))
+ return NETSNMP_FS_TYPE_AUTOFS;
+
+
/*
* All other types are silently skipped
*/
@@ -239,6 +246,10 @@ netsnmp_fsys_arch_load( void )
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES))
continue;
+ /* Skip AUTOFS enteries */
+ if ( entry->type == (NETSNMP_FS_TYPE_AUTOFS))
+ continue;
+
#ifdef irix6
if ( NSFS_STATFS( entry->path, &stat_buf, sizeof(struct statfs), 0) < 0 )
#else
diff -urNp b/agent/mibgroup/hardware/fsys/mnttypes.h net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h
--- b/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:12:20.674499629 +0200
+++ net-snmp-5.8/agent/mibgroup/hardware/fsys/mnttypes.h 2018-07-18 16:15:46.782859398 +0200
@@ -165,6 +165,9 @@
#ifndef MNTTYPE_APP
#define MNTTYPE_APP "app"
#endif
+#ifndef MNTTYPE_AUTOFS
+#define MNTTYPE_AUTOFS "autofs"
+#endif
#ifndef MNTTYPE_DEVPTS
#define MNTTYPE_DEVPTS "devpts"
#endif
diff -urNp b/agent/mibgroup/host/hr_filesys.c net-snmp-5.8/agent/mibgroup/host/hr_filesys.c
--- b/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.c 2018-07-18 16:15:46.783859399 +0200
@@ -834,6 +834,27 @@ Check_HR_FileSys_NFS (void)
return 0; /* no NFS file system */
}
+/* This function checks whether current file system is an AutoFs
+ * HRFS_entry must be valid prior to calling this function
+ * return 1 if AutoFs, 0 otherwise
+ */
+int
+Check_HR_FileSys_AutoFs (void)
+{
+#if HAVE_GETFSSTAT
+ if ( HRFS_entry->HRFS_type != NULL &&
+#if defined(MNTTYPE_AUTOFS)
+ !strcmp( HRFS_entry->HRFS_type, MNTTYPE_AUTOFS)
+#else
+ !strcmp( HRFS_entry->HRFS_type, "autofs")
+#endif
+ )
+#endif /* HAVE_GETFSSTAT */
+ return 1; /* AUTOFS */
+
+ return 0; /* no AUTOFS */
+}
+
void
End_HR_FileSys(void)
{
diff -urNp b/agent/mibgroup/host/hr_filesys.h net-snmp-5.8/agent/mibgroup/host/hr_filesys.h
--- b/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_filesys.h 2018-07-18 16:15:46.784859400 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_filesys.c net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c
--- b/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.c 2018-07-18 16:15:46.785859402 +0200
@@ -429,3 +429,9 @@ Check_HR_FileSys_NFS (void)
{
return (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) ? 1 : 0;
}
+
+int
+Check_HR_FileSys_AutoFs (void)
+{
+ return (HRFS_entry->type == (NETSNMP_FS_TYPE_AUTOFS)) ? 1 : 0;
+}
diff -urNp b/agent/mibgroup/host/hrh_filesys.h net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h
--- b/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:12:20.669499648 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_filesys.h 2018-07-18 16:15:46.785859402 +0200
@@ -10,6 +10,7 @@ extern void Init_HR_FileSys(void);
extern FindVarMethod var_hrhfilesys;
extern int Get_Next_HR_FileSys(void);
extern int Check_HR_FileSys_NFS(void);
+extern int Check_HR_FileSys_AutoFs(void);
extern int Get_FSIndex(char *);
extern long Get_FSSize(char *); /* Temporary */
diff -urNp b/agent/mibgroup/host/hrh_storage.c net-snmp-5.8/agent/mibgroup/host/hrh_storage.c
--- b/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:12:20.668499652 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hrh_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -367,9 +367,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (HRFS_entry &&
store_idx > NETSNMP_MEM_TYPE_MAX &&
- netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ ((netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs()))
return NULL;
if (store_idx <= NETSNMP_MEM_TYPE_MAX ) {
mem = (netsnmp_memory_info*)ptr;
@@ -508,7 +509,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/agent/mibgroup/host/hr_storage.c net-snmp-5.8/agent/mibgroup/host/hr_storage.c
--- b/agent/mibgroup/host/hr_storage.c 2018-07-18 16:12:20.670499644 +0200
+++ net-snmp-5.8/agent/mibgroup/host/hr_storage.c 2018-07-18 16:15:46.786859402 +0200
@@ -540,9 +540,10 @@ really_try_next:
store_idx = name[ HRSTORE_ENTRY_NAME_LENGTH ];
if (store_idx > NETSNMP_MEM_TYPE_MAX ) {
- if ( netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
+ if ( (netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())
+ Check_HR_FileSys_NFS()) ||
+ Check_HR_FileSys_AutoFs())
return NULL; /* or goto try_next; */
if (HRFS_statfs(HRFS_entry->HRFS_mount, &stat_buf) < 0) {
snmp_log_perror(HRFS_entry->HRFS_mount);
@@ -683,7 +684,8 @@ Get_Next_HR_Store(void)
if (HRS_index >= 0) {
if (!(netsnmp_ds_get_boolean(NETSNMP_DS_APPLICATION_ID,
NETSNMP_DS_AGENT_SKIPNFSINHOSTRESOURCES) &&
- Check_HR_FileSys_NFS())) {
+ Check_HR_FileSys_NFS()) &&
+ !Check_HR_FileSys_AutoFs()) {
return HRS_index + NETSNMP_MEM_TYPE_MAX;
}
} else {
diff -urNp b/include/net-snmp/agent/hardware/fsys.h net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h
--- b/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:12:20.649499726 +0200
+++ net-snmp-5.8/include/net-snmp/agent/hardware/fsys.h 2018-07-18 16:19:33.994918912 +0200
@@ -41,6 +41,7 @@ typedef struct netsnmp_fsys_info_s netsn
#define NETSNMP_FS_TYPE_SYSFS (4 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_TYPE_TMPFS (5 | _NETSNMP_FS_TYPE_LOCAL)
#define NETSNMP_FS_TYPE_USBFS (6 | _NETSNMP_FS_TYPE_LOCAL)
+#define NETSNMP_FS_TYPE_AUTOFS (7 | _NETSNMP_FS_TYPE_LOCAL | _NETSNMP_FS_TYPE_SKIP_BIT)
#define NETSNMP_FS_FLAG_ACTIVE 0x01
#define NETSNMP_FS_FLAG_REMOTE 0x02

@ -0,0 +1,90 @@
diff -urNp a/agent/mibgroup/host/hrh_filesys.c b/agent/mibgroup/host/hrh_filesys.c
--- a/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:30:07.744455758 +0200
+++ b/agent/mibgroup/host/hrh_filesys.c 2021-06-09 10:32:50.657160232 +0200
@@ -219,6 +219,7 @@ var_hrhfilesys(struct variable *vp,
{
int fsys_idx;
static char *string;
+ static char empty_str[1];
fsys_idx =
header_hrhfilesys(vp, name, length, exact, var_len, write_method);
@@ -235,7 +236,7 @@ var_hrhfilesys(struct variable *vp,
*var_len = 0;
if (asprintf(&string, "%s", HRFS_entry->path) >= 0)
*var_len = strlen(string);
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_RMOUNT:
free(string);
if (HRFS_entry->flags & NETSNMP_FS_FLAG_REMOTE) {
@@ -245,7 +246,7 @@ var_hrhfilesys(struct variable *vp,
string = strdup("");
}
*var_len = string ? strlen(string) : 0;
- return (u_char *) string;
+ return (u_char *)(string ? string : empty_str);
case HRFSYS_TYPE:
fsys_type_id[fsys_type_len - 1] =
diff -urNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:30:07.728455689 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2021-06-09 10:34:32.722597366 +0200
@@ -842,6 +842,7 @@ var_extensible_disk(struct variable *vp,
struct dsk_entry entry;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
int i;
for (i = 0; i < numdisks; i++){
@@ -950,7 +951,7 @@ tryAgain:
*var_len = strlen(errmsg);
}
}
- return (u_char *) (errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/disk_hw.c b/agent/mibgroup/ucd-snmp/disk_hw.c
--- a/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:30:07.727455684 +0200
+++ b/agent/mibgroup/ucd-snmp/disk_hw.c 2021-06-09 10:35:53.420943010 +0200
@@ -314,6 +314,7 @@ var_extensible_disk(struct variable *vp,
unsigned long long val;
static long long_ret;
static char *errmsg;
+ static char empty_str[1];
netsnmp_cache *cache;
/* Update the fsys H/W module */
@@ -432,7 +433,7 @@ tryAgain:
>= 0)) {
*var_len = strlen(errmsg);
}
- return (u_char *) errmsg;
+ return (u_char *)(errmsg ? errmsg : empty_str);
}
return NULL;
}
diff -urNp a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c
--- a/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:30:07.725455676 +0200
+++ b/agent/mibgroup/ucd-snmp/proc.c 2021-06-09 10:37:31.143361548 +0200
@@ -267,7 +267,7 @@ var_extensible_proc(struct variable *vp,
struct myproc *proc;
static long long_ret;
static char *errmsg;
-
+ static char empty_str[1];
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numprocs))
@@ -330,7 +330,7 @@ var_extensible_proc(struct variable *vp,
}
}
*var_len = errmsg ? strlen(errmsg) : 0;
- return ((u_char *) errmsg);
+ return (u_char *)(errmsg ? errmsg : empty_str);
case ERRORFIX:
*write_method = fixProcError;
long_return = fixproc.result;

@ -0,0 +1,51 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-09-29 14:08:09.821479662 +0200
+++ b/snmplib/snmp_api.c 2020-10-01 10:15:46.607374362 +0200
@@ -769,7 +769,7 @@ snmp_sess_init(netsnmp_session * session
session->retries = SNMP_DEFAULT_RETRIES;
session->version = SNMP_DEFAULT_VERSION;
session->securityModel = SNMP_DEFAULT_SECMODEL;
- session->rcvMsgMaxSize = SNMP_MAX_MSG_SIZE;
+ session->rcvMsgMaxSize = netsnmp_max_send_msg_size();
session->sndMsgMaxSize = netsnmp_max_send_msg_size();
session->flags |= SNMP_FLAGS_DONT_PROBE;
}
@@ -2731,7 +2731,7 @@ snmpv3_packet_build(netsnmp_session * se
/*
* build a scopedPDU structure into spdu_buf
*/
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "ScopedPdu");
cp = snmpv3_scopedPDU_header_build(pdu, spdu_buf, &spdu_buf_len,
&spdu_hdr_e);
@@ -2743,6 +2743,11 @@ snmpv3_packet_build(netsnmp_session * se
*/
DEBUGPRINTPDUTYPE("send", ((pdu_data) ? *pdu_data : 0x00));
if (pdu_data) {
+ if (cp + pdu_data_len > spdu_buf + sizeof(spdu_buf)) {
+ snmp_log(LOG_ERR, "%s: PDU too big (%" NETSNMP_PRIz "d > %" NETSNMP_PRIz "d)\n",
+ __func__, pdu_data_len, sizeof(spdu_buf));
+ return -1;
+ }
memcpy(cp, pdu_data, pdu_data_len);
cp += pdu_data_len;
} else {
@@ -2756,7 +2761,7 @@ snmpv3_packet_build(netsnmp_session * se
* re-encode the actual ASN.1 length of the scopedPdu
*/
spdu_len = cp - spdu_hdr_e; /* length of scopedPdu minus ASN.1 headers */
- spdu_buf_len = SNMP_MAX_MSG_SIZE;
+ spdu_buf_len = sizeof(spdu_buf);
if (asn_build_sequence(spdu_buf, &spdu_buf_len,
(u_char) (ASN_SEQUENCE | ASN_CONSTRUCTOR),
spdu_len) == NULL)
@@ -2769,7 +2774,7 @@ snmpv3_packet_build(netsnmp_session * se
* message - the entire message to transmitted on the wire is returned
*/
cp = NULL;
- *out_length = SNMP_MAX_MSG_SIZE;
+ *out_length = sizeof(spdu_buf);
DEBUGDUMPSECTION("send", "SM msgSecurityParameters");
sptr = find_sec_mod(pdu->securityModel);
if (sptr && sptr->encode_forward) {

@ -0,0 +1,12 @@
diff -urNp a/local/net-snmp-cert b/local/net-snmp-cert
--- a/local/net-snmp-cert 2021-10-11 09:08:53.451970484 +0200
+++ b/local/net-snmp-cert 2021-10-11 09:11:36.765386413 +0200
@@ -1002,7 +1002,7 @@ sub make_openssl_conf {
rdir = .
dir = $ENV::DIR
RANDFILE = $rdir/.rand
-MD = sha1
+MD = sha512
KSIZE = 2048
CN = net-snmp.org
EMAIL = admin@net-snmp.org

@ -0,0 +1,112 @@
diff -urNp a/net-snmp-config.in b/net-snmp-config.in
--- a/net-snmp-config.in 2018-07-18 13:43:12.264426052 +0200
+++ b/net-snmp-config.in 2018-07-18 13:52:06.917089518 +0200
@@ -140,10 +140,10 @@ else
;;
#################################################### compile
--base-cflags)
- echo @CFLAGS@ @CPPFLAGS@ -I${NSC_INCLUDEDIR}
+ echo -I${NSC_INCLUDEDIR}
;;
--cflags|--cf*)
- echo @CFLAGS@ @DEVFLAGS@ @CPPFLAGS@ -I. -I${NSC_INCLUDEDIR}
+ echo @DEVFLAGS@ -I. -I${NSC_INCLUDEDIR}
;;
--srcdir)
echo $NSC_SRCDIR
diff -urNp a/perl/agent/default_store/Makefile.PL b/perl/agent/default_store/Makefile.PL
--- a/perl/agent/default_store/Makefile.PL 2018-07-18 13:43:12.170426290 +0200
+++ b/perl/agent/default_store/Makefile.PL 2018-07-18 13:51:31.812176486 +0200
@@ -83,7 +83,7 @@ sub AgentDefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Makefile.PL b/perl/agent/Makefile.PL
--- a/perl/agent/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Makefile.PL 2018-07-18 13:52:53.884973275 +0200
@@ -98,7 +98,7 @@ sub AgentInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . $Params{'LIBS'};
# $Params{'PREREQ_PM'} = {'NetSNMP::OID' => '0.1'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/agent/Support/Makefile.PL b/perl/agent/Support/Makefile.PL
--- a/perl/agent/Support/Makefile.PL 2018-07-18 13:43:12.169426292 +0200
+++ b/perl/agent/Support/Makefile.PL 2018-07-18 13:53:11.414929921 +0200
@@ -90,7 +90,7 @@ sub SupportInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/ASN/Makefile.PL b/perl/ASN/Makefile.PL
--- a/perl/ASN/Makefile.PL 2018-07-18 13:43:12.171426287 +0200
+++ b/perl/ASN/Makefile.PL 2018-07-18 13:53:46.652842822 +0200
@@ -93,7 +93,7 @@ sub AsnInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/default_store/Makefile.PL b/perl/default_store/Makefile.PL
--- a/perl/default_store/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/default_store/Makefile.PL 2018-07-18 13:54:20.814758441 +0200
@@ -83,7 +83,7 @@ sub DefaultStoreInitMakeParams {
" " . $Params{'LIBS'};
$Params{'CCFLAGS'} = "-I../../include " . $Params{'CCFLAGS'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/OID/Makefile.PL b/perl/OID/Makefile.PL
--- a/perl/OID/Makefile.PL 2018-07-18 13:43:12.175426277 +0200
+++ b/perl/OID/Makefile.PL 2018-07-18 13:54:43.348702811 +0200
@@ -90,7 +90,7 @@ sub OidInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = {'SNMP' => '5.0'};
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'LIBS'} eq "" || $Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";
diff -urNp a/perl/SNMP/Makefile.PL b/perl/SNMP/Makefile.PL
--- a/perl/SNMP/Makefile.PL 2018-07-18 13:43:12.173426282 +0200
+++ b/perl/SNMP/Makefile.PL 2018-07-18 13:55:07.220643903 +0200
@@ -103,7 +103,7 @@ sub SnmpInitMakeParams {
# } else {
# $Params{'PREREQ_PM'} = { 'NetSNMP::default_store' => 0.01 };
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if (!$ENV{'NETSNMP_PREFIX'}) {
$prefix = `$opts->{'nsconfig'} --prefix`;
diff -urNp a/perl/TrapReceiver/Makefile.PL b/perl/TrapReceiver/Makefile.PL
--- a/perl/TrapReceiver/Makefile.PL 2018-07-18 13:43:12.172426285 +0200
+++ b/perl/TrapReceiver/Makefile.PL 2018-07-18 13:55:43.100647233 +0200
@@ -132,7 +132,7 @@ sub TrapReceiverInitMakeParams {
$Params{'LIBS'} = `$opts->{'nsconfig'} --libdir` . " $Params{'LIBS'}";
}
- $Params{'CCFLAGS'} =~ s/ -W(all|inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
+ $Params{'CCFLAGS'} =~ s/ -W(inline|strict-prototypes|write-strings|cast-qual|no-char-subscripts)//g; # ignore developer warnings
$Params{'CCFLAGS'} .= ' -Wformat';
if ($Params{'CCFLAGS'} eq "") {
die "You need to install net-snmp first (I can't find net-snmp-config)";

@ -0,0 +1,35 @@
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-11-26 11:05:51.084788775 +0100
+++ b/snmplib/snmp_api.c 2020-11-26 11:08:27.850751397 +0100
@@ -235,7 +235,7 @@ static const char *api_errors[-SNMPERR_M
"No error", /* SNMPERR_SUCCESS */
"Generic error", /* SNMPERR_GENERR */
"Invalid local port", /* SNMPERR_BAD_LOCPORT */
- "Unknown host", /* SNMPERR_BAD_ADDRESS */
+ "Invalid address", /* SNMPERR_BAD_ADDRESS */
"Unknown session", /* SNMPERR_BAD_SESSION */
"Too long", /* SNMPERR_TOO_LONG */
"No socket", /* SNMPERR_NO_SOCKET */
@@ -1662,7 +1662,9 @@ _sess_open(netsnmp_session * in_session)
DEBUGMSGTL(("_sess_open", "couldn't interpret peername\n"));
in_session->s_snmp_errno = SNMPERR_BAD_ADDRESS;
in_session->s_errno = errno;
- snmp_set_detail(in_session->peername);
+ if (!netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
+ NETSNMP_DS_LIB_CLIENT_ADDR))
+ snmp_set_detail(in_session->peername);
return NULL;
}
diff -ruNp a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 12:51:51.948106797 +0100
+++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c 2021-01-06 14:17:31.029745744 +0100
@@ -209,6 +209,8 @@ netsnmp_udpipv4base_transport_bind(netsn
DEBUGMSGTL(("netsnmp_udpbase",
"failed to bind for clientaddr: %d %s\n",
errno, strerror(errno)));
+ NETSNMP_LOGONCE((LOG_ERR, "Cannot bind for clientaddr: %s\n",
+ strerror(errno)));
netsnmp_socketbase_close(t);
return 1;
}

@ -0,0 +1,68 @@
diff -urNp a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c
--- a/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 10:43:38.722444233 +0200
+++ b/agent/mibgroup/disman/event/mteTrigger.c 2018-09-27 11:01:46.503253963 +0200
@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThRiseEvent[0] != '\0' ) {
+ if (entry->mteTThFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *
* Similarly, if no fallEvent is configured,
* there's no point in trying to fire it either.
*/
- if (entry->mteTThDRiseEvent[0] != '\0' ) {
+ if (entry->mteTThDFallEvent[0] != '\0' ) {
entry->mteTriggerXOwner = entry->mteTThObjOwner;
entry->mteTriggerXObjects = entry->mteTThObjects;
entry->mteTriggerFired = vp1;
diff -urNp a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c
--- a/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 10:43:38.697444449 +0200
+++ b/agent/mibgroup/hardware/cpu/cpu_linux.c 2018-09-27 11:12:07.109024625 +0200
@@ -122,6 +122,7 @@ int netsnmp_cpu_arch_load( netsnmp_cache
bsize = getpagesize()-1;
buff = (char*)malloc(bsize+1);
if (buff == NULL) {
+ close(statfd);
return -1;
}
}
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 10:43:38.711444328 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2018-09-27 11:16:45.532231535 +0200
@@ -543,15 +543,18 @@ netsnmp_access_ipaddress_extra_prefix_in
status = send (sd, &req, req.nlhdr.nlmsg_len, 0);
if (status < 0) {
snmp_log(LOG_ERR, "could not send netlink request\n");
+ close(sd);
return -1;
}
status = recv (sd, buf, sizeof(buf), 0);
if (status < 0) {
snmp_log (LOG_ERR, "could not recieve netlink request\n");
+ close(sd);
return -1;
}
if (status == 0) {
snmp_log (LOG_ERR, "nothing to read\n");
+ close(sd);
return -1;
}
for (nlmp = (struct nlmsghdr *)buf; status > sizeof(*nlmp); ){
@@ -561,11 +564,13 @@ netsnmp_access_ipaddress_extra_prefix_in
if (req_len < 0 || len > status) {
snmp_log (LOG_ERR, "invalid netlink message\n");
+ close(sd);
return -1;
}
if (!NLMSG_OK (nlmp, status)) {
snmp_log (LOG_ERR, "invalid NLMSG message\n");
+ close(sd);
return -1;
}
rtmp = (struct ifaddrmsg *)NLMSG_DATA(nlmp);

@ -0,0 +1,41 @@
diff -up net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c
--- net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c.original 2022-02-02 15:06:29.382119898 +0900
+++ net-snmp-5.8/agent/mibgroup/if-mib/data_access/interface_linux.c 2022-02-02 15:15:39.298280447 +0900
@@ -600,7 +600,6 @@ netsnmp_arch_interface_container_load(ne
{
FILE *devin;
char line[256];
- netsnmp_interface_entry *entry = NULL;
static char scan_expected = 0;
int fd;
#ifdef NETSNMP_ENABLE_IPV6
@@ -669,6 +668,7 @@ netsnmp_arch_interface_container_load(ne
* and retrieve (or create) the corresponding data structure.
*/
while (fgets(line, sizeof(line), devin)) {
+ netsnmp_interface_entry *entry = NULL;
char *stats, *ifstart = line;
u_int flags;
oid if_index;
@@ -701,6 +701,11 @@ netsnmp_arch_interface_container_load(ne
*stats++ = 0; /* null terminate name */
if_index = netsnmp_arch_interface_index_find(ifstart);
+ if (if_index == 0) {
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
+ ifstart));
+ continue;
+ }
/*
* set address type flags.
@@ -726,7 +731,7 @@ netsnmp_arch_interface_container_load(ne
continue;
}
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
if(NULL == entry) {
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

@ -0,0 +1,35 @@
From 8bb544fbd2d6986a9b73d3fab49235a4baa96c23 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sat, 31 Jul 2021 16:21:16 -0700
Subject: [PATCH] Linux: IF-MIB: Fix a memory leak
The Linux kernel regenerates proc files in their entirety every time a 4 KiB
boundary is crossed. This can result in reading the same network interface
twice if network information changes while it is being read. Fix a memory
leak that can be triggered if /proc/net/dev changes while being read.
---
agent/mibgroup/if-mib/data_access/interface_linux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
index e99360a216..215b30e806 100644
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c
@@ -921,7 +921,15 @@ netsnmp_arch_interface_container_load(netsnmp_container* container,
/*
* add to container
*/
- CONTAINER_INSERT(container, entry);
+ if (CONTAINER_INSERT(container, entry) != 0) {
+ netsnmp_interface_entry *existing =
+ CONTAINER_FIND(container, entry);
+ NETSNMP_LOGONCE((LOG_WARNING,
+ "Encountered interface with index %" NETSNMP_PRIz "u twice: %s <> %s",
+ entry->index, existing ? existing->name : "(?)",
+ entry->name));
+ netsnmp_access_interface_entry_free(entry);
+ }
}
#ifdef NETSNMP_ENABLE_IPV6
netsnmp_access_ipaddress_container_free(addr_container, 0);

@ -0,0 +1,98 @@
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
From: minfrin <minfrin@users.noreply.github.com>
Date: Tue, 5 Jan 2021 23:17:14 +0000
Subject: [PATCH] Add support for digests detected from ECC certificates
Previously, the digest could be detected on RSA certificates only. This
patch adds detection for ECC certificates.
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
back to _htmap ]
---
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007af..432cb5c27c 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
}
}
-static int _htmap[NS_HASH_MAX + 1] = {
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
+static const struct {
+ uint16_t nid;
+ uint16_t ht;
+} _htmap[] = {
+ { 0, NS_HASH_NONE },
+#ifdef NID_md5WithRSAEncryption
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
+#endif
+#ifdef NID_sha1WithRSAEncryption
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
+#endif
+#ifdef NID_ecdsa_with_SHA1
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
+#endif
+#ifdef NID_sha224WithRSAEncryption
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
+#endif
+#ifdef NID_ecdsa_with_SHA224
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
+#endif
+#ifdef NID_sha256WithRSAEncryption
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
+#endif
+#ifdef NID_ecdsa_with_SHA256
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
+#endif
+#ifdef NID_sha384WithRSAEncryption
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
+#endif
+#ifdef NID_ecdsa_with_SHA384
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
+#endif
+#ifdef NID_sha512WithRSAEncryption
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
+#endif
+#ifdef NID_ecdsa_with_SHA512
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
+#endif
+};
int
_nid2ht(int nid)
{
int i;
- for (i=1; i<= NS_HASH_MAX; ++i) {
- if (nid == _htmap[i])
- return i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].nid == nid)
+ return _htmap[i].ht;
}
return 0;
}
@@ -541,9 +577,13 @@ _nid2ht(int nid)
int
_ht2nid(int ht)
{
- if ((ht < 0) || (ht > NS_HASH_MAX))
- return 0;
- return _htmap[ht];
+ int i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].ht == ht)
+ return _htmap[i].nid;
+ }
+ return 0;
}
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */

@ -0,0 +1,12 @@
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in 2018-07-18 11:11:53.227015237 +0200
+++ b/net-snmp-create-v3-user.in 2018-07-18 11:12:13.375010176 +0200
@@ -137,7 +137,7 @@ fi
echo $line >> $outfile
prefix="@prefix@"
datarootdir="@datarootdir@"
-outfile="@datadir@/snmp/snmpd.conf"
+outfile="/etc/snmp/snmpd.conf"
line="$token $user"
echo "adding the following line to $outfile:"
echo " " $line

@ -0,0 +1,48 @@
From 1bb941d6fcd7ac2db5a54b95ee0ed07ec9861e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Fri, 12 Mar 2021 10:15:30 +0100
Subject: [PATCH] Prevent parsing IP address twice (#199)
This fixes issue, that is caused by parsing IP address twice.
First as IPv4 and as IPv6 at second, even thow the address was
properly parsed as a valid IPv4 address.
---
snmplib/transports/snmpUDPDomain.c | 2 +-
snmplib/transports/snmpUDPIPv6Domain.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/snmplib/transports/snmpUDPDomain.c b/snmplib/transports/snmpUDPDomain.c
index b96497f3a3..b594a389b9 100644
--- a/snmplib/transports/snmpUDPDomain.c
+++ b/snmplib/transports/snmpUDPDomain.c
@@ -387,7 +387,7 @@ netsnmp_udp_parse_security(const char *token, char *param)
/* Nope, wasn't a dotted quad. Must be a hostname. */
int ret = netsnmp_gethostbyname_v4(sourcep, &network.s_addr);
if (ret < 0) {
- config_perror("cannot resolve source hostname");
+ config_perror("cannot resolve IPv4 source hostname");
return;
}
}
diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
index 238c8a9d63..7db19c5c02 100644
--- a/snmplib/transports/snmpUDPIPv6Domain.c
+++ b/snmplib/transports/snmpUDPIPv6Domain.c
@@ -736,7 +736,15 @@ netsnmp_udp6_parse_security(const char *token, char *param)
memset(&pton_addr.sin6_addr.s6_addr, '\0',
sizeof(struct in6_addr));
} else if (inet_pton(AF_INET6, sourcep, &pton_addr.sin6_addr) != 1) {
- /* Nope, wasn't a numeric address. Must be a hostname. */
+ /* Nope, wasn't a numeric IPv6 address. Must be IPv4 or a hostname. */
+
+ /* Try interpreting as dotted quad - IPv4 */
+ struct in_addr network;
+ if (inet_pton(AF_INET, sourcep, &network) > 0){
+ /* Yes, it's IPv4 - so it's already parsed and we can return. */
+ DEBUGMSGTL(("com2sec6", "IPv4 detected for IPv6 parser. Skipping.\n"));
+ return;
+ }
#if HAVE_GETADDRINFO
int gai_error;

@ -0,0 +1,181 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/disk.c b/agent/mibgroup/ucd-snmp/disk.c
--- a/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:29:35.867328760 +0200
+++ b/agent/mibgroup/ucd-snmp/disk.c 2020-06-10 09:44:13.053535421 +0200
@@ -153,9 +153,10 @@ static void disk_free_config(void)
static void disk_parse_config(const char *, char *);
static void disk_parse_config_all(const char *, char *);
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
-static void find_and_add_allDisks(int minpercent);
+static void refresh_disk_table(int addNewDisks, int minpercent);
static void add_device(char *path, char *device,
- int minspace, int minpercent, int override);
+ int minspace, int minpercent, int addNewDisks,
+ int override);
static void modify_disk_parameters(int index, int minspace,
int minpercent);
static int disk_exists(char *path);
@@ -167,6 +168,7 @@ struct diskpart {
char path[STRMAX];
int minimumspace;
int minpercent;
+ int alive;
};
#define MAX_INT_32 0x7fffffff
@@ -174,6 +176,7 @@ struct diskpart {
unsigned int numdisks;
int allDisksIncluded = 0;
+int allDisksMinPercent = 0;
unsigned int maxdisks = 0;
struct diskpart *disks;
@@ -238,6 +241,7 @@ init_disk(void)
disk_free_config,
"minpercent%");
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -253,6 +257,7 @@ disk_free_config(void)
disks[i].minpercent = -1;
}
allDisksIncluded = 0;
+ allDisksMinPercent = 0;
}
static void
@@ -313,7 +318,7 @@ disk_parse_config(const char *token, cha
* check if the disk already exists, if so then modify its
* parameters. if it does not exist then add it
*/
- add_device(path, find_device(path), minspace, minpercent, 1);
+ add_device(path, find_device(path), minspace, minpercent, 1, 1);
#endif /* HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS */
}
@@ -372,7 +377,7 @@ disk_parse_config_all(const char *token,
#if HAVE_FSTAB_H || HAVE_GETMNTENT || HAVE_STATFS
static void
-add_device(char *path, char *device, int minspace, int minpercent, int override)
+add_device(char *path, char *device, int minspace, int minpercent, int addNewDisks, int override)
{
int index;
@@ -402,10 +407,16 @@ add_device(char *path, char *device, int
}
index = disk_exists(path);
- if((index != -1) && (index < maxdisks) && (override==1)) {
- modify_disk_parameters(index, minspace, minpercent);
+ if((index != -1) && (index < maxdisks)) {
+ /* the path is already in the table */
+ disks[index].alive = 1;
+ /* -> update its device */
+ strlcpy(disks[index].device, device, sizeof(disks[index].device));
+ if (override == 1) {
+ modify_disk_parameters(index, minspace, minpercent);
+ }
}
- else if(index == -1){
+ else if(index == -1 && addNewDisks){
/* add if and only if the device was found */
if(device[0] != 0) {
/* The following buffers are cleared above, no need to add '\0' */
@@ -413,6 +424,7 @@ add_device(char *path, char *device, int
strlcpy(disks[numdisks].device, device, sizeof(disks[numdisks].device));
disks[numdisks].minimumspace = minspace;
disks[numdisks].minpercent = minpercent;
+ disks[numdisks].alive = 1;
numdisks++;
}
else {
@@ -420,6 +432,7 @@ add_device(char *path, char *device, int
disks[numdisks].minpercent = -1;
disks[numdisks].path[0] = 0;
disks[numdisks].device[0] = 0;
+ disks[numdisks].alive = 0;
}
}
}
@@ -444,7 +457,7 @@ int disk_exists(char *path)
}
static void
-find_and_add_allDisks(int minpercent)
+refresh_disk_table(int addNewDisks, int minpercent)
{
#if HAVE_GETMNTENT
#if HAVE_SYS_MNTTAB_H
@@ -480,7 +493,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while (mntfp && NULL != (mntent = getmntent(mntfp))) {
- add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, 0);
+ add_device(mntent->mnt_dir, mntent->mnt_fsname, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
if (mntfp)
@@ -497,7 +510,7 @@ find_and_add_allDisks(int minpercent)
return;
}
while ((i = getmntent(mntfp, &mnttab)) == 0) {
- add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, 0);
+ add_device(mnttab.mnt_mountp, mnttab.mnt_special, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
fclose(mntfp);
@@ -510,7 +523,7 @@ find_and_add_allDisks(int minpercent)
#elif HAVE_FSTAB_H
setfsent(); /* open /etc/fstab */
while((fstab1 = getfsent()) != NULL) {
- add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, 0);
+ add_device(fstab1->fs_file, fstab1->fs_spec, -1, minpercent, addNewDisks, 0);
dummy = 1;
}
endfsent(); /* close /etc/fstab */
@@ -521,7 +534,7 @@ find_and_add_allDisks(int minpercent)
mntsize = getmntinfo(&mntbuf, MNT_NOWAIT);
for (i = 0; i < mntsize; i++) {
if (strncmp(mntbuf[i].f_fstypename, "zfs", 3) == 0) {
- add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, 0);
+ add_device(mntbuf[i].f_mntonname, mntbuf[i].f_mntfromname, -1, minpercent, addNewDisks, 0);
}
}
}
@@ -537,7 +550,7 @@ find_and_add_allDisks(int minpercent)
* statfs we default to the root partition "/"
*/
if (statfs("/", &statf) == 0) {
- add_device("/", statf.f_mntfromname, -1, minpercent, 0);
+ add_device("/", statf.f_mntfromname, -1, minpercent, addNewDisks, 0);
}
#endif
else {
@@ -696,6 +709,10 @@ fill_dsk_entry(int disknum, struct dsk_e
#endif
#endif
+ if (disks[disknum].alive == 0){
+ return -1;
+ }
+
entry->dskPercentInode = -1;
#if defined(HAVE_STATVFS) || defined(HAVE_STATFS)
@@ -826,6 +843,13 @@ var_extensible_disk(struct variable *vp,
static long long_ret;
static char *errmsg;
+ int i;
+ for (i = 0; i < numdisks; i++){
+ disks[i].alive = 0;
+ }
+ /* dynamically add new disks + update alive flag */
+ refresh_disk_table(allDisksIncluded, allDisksMinPercent);
+
tryAgain:
if (header_simple_table
(vp, name, length, exact, var_len, write_method, numdisks))

@ -0,0 +1,11 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:27:03.213904398 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_common.c 2020-06-10 13:28:41.025863050 +0200
@@ -121,6 +121,7 @@ _remove_duplicates(netsnmp_container *co
for (entry = ITERATOR_FIRST(it); entry; entry = ITERATOR_NEXT(it)) {
if (prev_entry && _access_ipaddress_entry_compare_addr(prev_entry, entry) == 0) {
/* 'entry' is duplicate of the previous one -> delete it */
+ NETSNMP_LOGONCE((LOG_ERR, "Duplicate IPv4 address detected, some interfaces may not be visible in IP-MIB\n"));
netsnmp_access_ipaddress_entry_free(entry);
} else {
CONTAINER_INSERT(ret, entry);

@ -0,0 +1,30 @@
From 09a0c9005fb72102bf4f4499b28282f823e3e526 Mon Sep 17 00:00:00 2001
From: Josef Ridky <jridky@redhat.com>
Date: Wed, 18 Nov 2020 20:54:34 -0800
Subject: [PATCH] net-snmp-create-v3-user: Handle empty passphrases correctly
See also https://github.com/net-snmp/net-snmp/issues/86.
Fixes: e5ad10de8e17 ("Quote provided encryption key in createUser line")
Reported-by: Chris Cheney
---
net-snmp-create-v3-user.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
index 452c2699d..31b4c58c1 100644
--- a/net-snmp-create-v3-user.in
+++ b/net-snmp-create-v3-user.in
@@ -120,7 +120,11 @@ fi
fi
outdir="@PERSISTENT_DIRECTORY@"
outfile="$outdir/snmpd.conf"
-line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+if test "x$xpassphrase" = "x" ; then
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm"
+else
+ line="createUser $user $Aalgorithm \"$apassphrase\" $Xalgorithm \"$xpassphrase\""
+fi
echo "adding the following line to $outfile:"
echo " " $line
# in case it hasn't ever been started yet, start it.

@ -0,0 +1,25 @@
From 79f014464ba761e2430cc767b021993ab9379822 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Tue, 8 Jan 2019 08:52:29 -0800
Subject: [PATCH] NEWS: snmptrap: BUG: 2899: Patch from Drew Roedersheimer to
set library engineboots/time values before sending
---
apps/snmptrap.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/apps/snmptrap.c b/apps/snmptrap.c
index d16d2fa671..12808d07e4 100644
--- a/apps/snmptrap.c
+++ b/apps/snmptrap.c
@@ -237,6 +237,9 @@ main(int argc, char *argv[])
session.engineBoots = 1;
if (session.engineTime == 0) /* not really correct, */
session.engineTime = get_uptime(); /* but it'll work. Sort of. */
+
+ set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+ session.engineBoots, session.engineTime, TRUE);
}
ss = snmp_add(&session,

@ -0,0 +1,12 @@
diff -ruNp a/snmplib/read_config.c b/snmplib/read_config.c
--- a/snmplib/read_config.c 2020-06-10 09:51:57.184786510 +0200
+++ b/snmplib/read_config.c 2020-06-10 09:53:13.257507112 +0200
@@ -1642,7 +1642,7 @@ snmp_save_persistent(const char *type)
* save a warning header to the top of the new file
*/
snprintf(fileold, sizeof(fileold),
- "%s%s# Please save normal configuration tokens for %s in SNMPCONFPATH/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
+ "%s%s# Please save normal configuration tokens for %s in /etc/snmp/%s.conf.\n# Only \"createUser\" tokens should be placed here by %s administrators.\n%s",
"#\n# net-snmp (or ucd-snmp) persistent data file.\n#\n############################################################################\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n",
"#\n# **** DO NOT EDIT THIS FILE ****\n#\n# STOP STOP STOP STOP STOP STOP STOP STOP STOP \n############################################################################\n#\n# DO NOT STORE CONFIGURATION ENTRIES HERE.\n",
type, type, type,

@ -0,0 +1,67 @@
diff -urNp a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
--- a/snmplib/snmp_openssl.c 2021-06-09 12:38:23.196037329 +0200
+++ b/snmplib/snmp_openssl.c 2021-06-09 12:44:11.782503048 +0200
@@ -284,31 +284,30 @@ _cert_get_extension(X509_EXTENSION *oex
}
if (X509V3_EXT_print(bio, oext, 0, 0) != 1) {
snmp_log(LOG_ERR, "could not print extension!\n");
- BIO_vfree(bio);
- return NULL;
+ goto out;
}
space = BIO_get_mem_data(bio, &data);
if (buf && *buf) {
- if (*len < space)
- buf_ptr = NULL;
- else
- buf_ptr = *buf;
+ if (*len < space +1) {
+ snmp_log(LOG_ERR, "not enough buffer space to print extension\n");
+ goto out;
+ }
+ buf_ptr = *buf;
+ } else {
+ buf_ptr = calloc(1, space + 1);
}
- else
- buf_ptr = calloc(1,space + 1);
if (!buf_ptr) {
- snmp_log(LOG_ERR,
- "not enough space or error in allocation for extenstion\n");
- BIO_vfree(bio);
- return NULL;
+ snmp_log(LOG_ERR, "error in allocation for extenstion\n");
+ goto out;
}
memcpy(buf_ptr, data, space);
buf_ptr[space] = 0;
if (len)
*len = space;
+out:
BIO_vfree(bio);
return buf_ptr;
@@ -479,7 +478,7 @@ netsnmp_openssl_cert_dump_extensions(X50
{
X509_EXTENSION *extension;
const char *extension_name;
- char buf[SNMP_MAXBUF_SMALL], *buf_ptr = buf, *str, *lf;
+ char buf[SNMP_MAXBUF], *buf_ptr = buf, *str, *lf;
int i, num_extensions, buf_len, nid;
if (NULL == ocert)
@@ -499,6 +498,11 @@ netsnmp_openssl_cert_dump_extensions(X50
extension_name = OBJ_nid2sn(nid);
buf_len = sizeof(buf);
str = _cert_get_extension_str_at(ocert, i, &buf_ptr, &buf_len, 0);
+ if (!str) {
+ DEBUGMSGT(("9:cert:dump", " %2d: %s\n", i,
+ extension_name));
+ continue;
+ }
lf = strchr(str, '\n'); /* look for multiline strings */
if (NULL != lf)
*lf = '\0'; /* only log first line of multiline here */

@ -0,0 +1,26 @@
From cd09fd82522861830aaf9d237b26eef5f9ba50d2 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Wed, 21 Nov 2018 20:47:42 -0800
Subject: [PATCH] MIB-II: Only log once that opening /proc/net/if_inet6 failed
If IPv6 has been disabled (ipv6.disable=1) then opening /proc/net/if_inet6
fails. Only log this once instead of thousand of times a day.
Reported-by: Fif <lefif@users.sourceforge.net>
---
agent/mibgroup/ip-mib/data_access/ipaddress_linux.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
index 5ddead3e0..280575ce3 100644
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
@@ -234,7 +234,7 @@ _load_v6(netsnmp_container *container, int idx_offset)
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- snmp_log_perror("ipaddress_linux: could not open " PROCFILE);
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
return -2;
}

File diff suppressed because it is too large Load Diff

@ -0,0 +1,82 @@
diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c
--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200
+++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200
@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr)
}
#elif defined(linux)
+#include <errno.h>
static struct ifreq *ifr;
static int ifr_counter;
static void
Address_Scan_Init(void)
{
- int num_interfaces = 0;
+ int i;
int fd;
+ int lastlen = 0;
/* get info about all interfaces */
@@ -510,28 +512,45 @@ Address_Scan_Init(void)
SNMP_FREE(ifc.ifc_buf);
ifr_counter = 0;
- do
- {
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
{
DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n"));
return;
}
- num_interfaces += 16;
- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces;
- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len);
-
- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0)
- {
- ifr=NULL;
- close(fd);
- return;
- }
- close(fd);
+ /*
+ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF
+ * on some platforms; see W. R. Stevens, ``Unix Network Programming
+ * Volume I'', p.435...
+ */
+
+ for (i = 8;; i *= 2) {
+ ifc.ifc_len = sizeof(struct ifreq) * i;
+ ifc.ifc_req = calloc(i, sizeof(struct ifreq));
+
+ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
+ if (errno != EINVAL || lastlen != 0) {
+ /*
+ * Something has gone genuinely wrong...
+ */
+ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno);
+ SNMP_FREE(ifc.ifc_buf);
+ close(fd);
+ return;
+ }
+ } else {
+ if (ifc.ifc_len == lastlen) {
+ /*
+ * The length is the same as the last time; we're done...
+ */
+ break;
+ }
+ lastlen = ifc.ifc_len;
+ }
+ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */
}
- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces));
-
+
+ close(fd);
ifr = ifc.ifc_req;
}

@ -0,0 +1,12 @@
diff -urNp a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
--- a/snmplib/transports/snmpUDPIPv6Domain.c 2019-01-24 09:03:05.606441678 +0100
+++ b/snmplib/transports/snmpUDPIPv6Domain.c 2019-02-07 08:59:26.434587244 +0100
@@ -464,7 +464,7 @@ netsnmp_udp6_transport(const struct sock
NETSNMP_DS_LIB_CLIENT_ADDR);
if (client_socket) {
struct sockaddr_in6 client_addr;
- if(!netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
+ if(netsnmp_sockaddr_in6_2(&client_addr, client_socket, NULL)) {
return netsnmp_udp6_transport_with_source(addr, local,
&client_addr);
}

@ -0,0 +1,38 @@
diff -up net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
--- net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c.rhbz2134359 2022-10-13 11:10:12.206072210 +0200
+++ net-snmp-5.7.2/agent/mibgroup/ip-mib/data_access/systemstats_linux.c 2022-10-13 11:10:40.893111569 +0200
@@ -566,6 +566,7 @@ _systemstats_v6_load_systemstats(netsnmp
DEBUGMSGTL(("access:systemstats",
"Failed to load Systemstats Table (linux1), cannot open %s\n",
filename));
+ netsnmp_access_systemstats_entry_free(entry);
return 0;
}
diff --git a/agent/mibgroup/ucd-snmp/lmsensorsMib.c b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
index f709812fdc..ef93eeedc9 100644
--- a/agent/mibgroup/ucd-snmp/lmsensorsMib.c
+++ b/agent/mibgroup/ucd-snmp/lmsensorsMib.c
@@ -94,7 +94,9 @@ initialize_lmSensorsTable(const char *tableName, const oid *tableOID,
netsnmp_table_helper_add_indexes(table_info, ASN_INTEGER, 0);
table_info->min_column = COLUMN_LMSENSORS_INDEX;
table_info->max_column = COLUMN_LMSENSORS_VALUE;
- netsnmp_container_table_register( reg, table_info, container, 0 );
+ if (netsnmp_container_table_register(reg, table_info, container, 0) !=
+ SNMPERR_SUCCESS)
+ return;
/*
* If the HAL sensors module was configured as an on-demand caching
diff -up net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 net-snmp-5.7.2/snmplib/snmp_logging.c
--- net-snmp-5.7.2/snmplib/snmp_logging.c.rhbz2134359 2022-10-13 11:11:25.599172905 +0200
+++ net-snmp-5.7.2/snmplib/snmp_logging.c 2022-10-13 11:12:26.986257126 +0200
@@ -534,7 +534,7 @@ snmp_log_options(char *optarg, int argc,
char *
snmp_log_syslogname(const char *pstr)
{
- if (pstr)
+ if (pstr && (pstr != syslogname))
strlcpy (syslogname, pstr, sizeof(syslogname));
return syslogname;

@ -0,0 +1,31 @@
diff -urNp a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c
--- a/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-09-29 14:08:09.742478965 +0200
+++ b/agent/mibgroup/ip-mib/data_access/ipaddress_linux.c 2020-10-01 14:20:25.575174851 +0200
@@ -19,6 +19,7 @@
#include <errno.h>
#include <sys/ioctl.h>
+#include <sys/stat.h>
netsnmp_feature_require(prefix_info)
netsnmp_feature_require(find_prefix_info)
@@ -234,7 +235,18 @@ _load_v6(netsnmp_container *container, i
#define PROCFILE "/proc/net/if_inet6"
if (!(in = fopen(PROCFILE, "r"))) {
- NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+
+ /*
+ * If PROCFILE exists, but isn't readable, file ERROR message.
+ * Otherwise log nothing, due of IPv6 support on this machine is
+ * intentionaly disabled/unavailable.
+ */
+
+ struct stat filestat;
+
+ if(stat(PROCFILE, &filestat) == 0){
+ NETSNMP_LOGONCE((LOG_ERR, "ipaddress_linux: could not open " PROCFILE));
+ }
return -2;
}

@ -0,0 +1,12 @@
diff -urNp a/apps/Makefile.in b/apps/Makefile.in
--- a/apps/Makefile.in 2018-07-18 15:39:28.069251000 +0200
+++ b/apps/Makefile.in 2018-07-18 15:54:52.261943123 +0200
@@ -230,7 +230,7 @@ snmppcap$(EXEEXT): snmppcap.$(OSUFFIX
$(LINK) ${CFLAGS} -o $@ snmppcap.$(OSUFFIX) ${LDFLAGS} ${LIBS} -lpcap
libnetsnmptrapd.$(LIB_EXTENSION)$(LIB_VERSION): $(LLIBTRAPD_OBJS)
- $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS)
+ $(LIB_LD_CMD) $@ ${LLIBTRAPD_OBJS} $(MIBLIB) $(USELIBS) $(PERLLDOPTS_FOR_LIBS) $(LIB_LD_LIBS) $(MYSQL_LIBS)
$(RANLIB) $@
snmpinforminstall:

@ -0,0 +1,36 @@
diff -urNp a/man/net-snmp-create-v3-user.1.def b/man/net-snmp-create-v3-user.1.def
--- a/man/net-snmp-create-v3-user.1.def 2020-06-10 13:43:18.443070961 +0200
+++ b/man/net-snmp-create-v3-user.1.def 2020-06-10 13:49:25.975363441 +0200
@@ -3,7 +3,7 @@
net-snmp-create-v3-user \- create a SNMPv3 user in net-snmp configuration file
.SH SYNOPSIS
.PP
-.B net-snmp-create-v3-user [-ro] [-a authpass] [-x privpass] [-X DES|AES]
+.B net-snmp-create-v3-user [-ro] [-A authpass] [-a MD5|SHA] [-X privpass] [-x DES|AES]
.B [username]
.SH DESCRIPTION
.PP
@@ -16,13 +16,16 @@ new user in net-snmp configuration file
displays the net-snmp version number
.TP
\fB\-ro\fR
-create an user with read-only permissions
+creates a user with read-only permissions
.TP
-\fB\-a authpass\fR
-specify authentication password
+\fB\-A authpass\fR
+specifies the authentication password
.TP
-\fB\-x privpass\fR
-specify encryption password
+\fB\-a MD5|SHA\fR
+specifies the authentication password hashing algorithm
.TP
-\fB\-X DES|AES\fR
-specify encryption algorithm
+\fB\-X privpass\fR
+specifies the encryption password
+.TP
+\fB\-x DES|AES\fR
+specifies the encryption algorithm

@ -0,0 +1,143 @@
From 5b8bf5d4130761c3374f9ad618e8a76bb75eb634 Mon Sep 17 00:00:00 2001
From: Yuwei Ba <i@xiaoba.me>
Date: Fri, 21 Aug 2020 15:06:10 +0800
Subject: [PATCH] snmpd: support MemAvailable on Linux
See also https://github.com/net-snmp/net-snmp/pull/167 .
[bvanassche: modified the behavior of this patch]
---
agent/mibgroup/hardware/memory/memory_linux.c | 20 ++++++++++++++++++-
agent/mibgroup/ucd-snmp/memory.c | 12 ++++++++++-
agent/mibgroup/ucd-snmp/memory.h | 1 +
include/net-snmp/agent/hardware/memory.h | 1 +
mibs/UCD-SNMP-MIB.txt | 16 +++++++++++++++
5 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
index 6d5e86cde4..4ae235c2d0 100644
--- a/agent/mibgroup/hardware/memory/memory_linux.c
+++ b/agent/mibgroup/hardware/memory/memory_linux.c
@@ -24,7 +24,8 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
static int first = 1;
ssize_t bytes_read;
char *b;
- unsigned long memtotal = 0, memfree = 0, memshared = 0,
+ int have_memavail = 0;
+ unsigned long memtotal = 0, memavail = 0, memfree = 0, memshared = 0,
buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
@@ -81,6 +82,11 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
if (first)
snmp_log(LOG_ERR, "No MemTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "MemAvailable: ");
+ if (b) {
+ have_memavail = 1;
+ sscanf(b, "MemAvailable: %lu", &memavail);
+ }
b = strstr(buff, "MemFree: ");
if (b)
sscanf(b, "MemFree: %lu", &memfree);
@@ -151,6 +157,18 @@ int netsnmp_mem_arch_load( netsnmp_cache *cache, void *magic ) {
mem->other = -1;
}
+ if (have_memavail) {
+ mem = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 1);
+ if (mem) {
+ if (!mem->descr)
+ mem->descr = strdup("Available memory");
+ mem->units = 1024;
+ mem->size = memavail;
+ mem->free = memavail;
+ mem->other = -1;
+ }
+ }
+
mem = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_VIRTMEM, 1 );
if (!mem) {
snmp_log_perror("No Virtual Memory info entry");
diff --git a/agent/mibgroup/ucd-snmp/memory.c b/agent/mibgroup/ucd-snmp/memory.c
index 371a77e9a5..158b28e67b 100644
--- a/agent/mibgroup/ucd-snmp/memory.c
+++ b/agent/mibgroup/ucd-snmp/memory.c
@@ -26,7 +26,7 @@ init_memory(void)
netsnmp_create_handler_registration("memory", handle_memory,
memory_oid, OID_LENGTH(memory_oid),
HANDLER_CAN_RONLY),
- 1, 26);
+ 1, 27);
netsnmp_register_scalar(
netsnmp_create_handler_registration("memSwapError", handle_memory,
memSwapError_oid, OID_LENGTH(memSwapError_oid),
@@ -272,6 +272,16 @@ handle_memory(netsnmp_mib_handler *handler,
c64.low = val & 0xFFFFFFFF;
c64.high = val >>32;
break;
+ case MEMORY_SYS_AVAIL:
+ type = ASN_COUNTER64;
+ mem_info = netsnmp_memory_get_byIdx(NETSNMP_MEM_TYPE_AVAILMEM, 0);
+ if (!mem_info)
+ goto NOSUCH;
+ val = mem_info->size; /* memavail */
+ val *= (mem_info->units/1024);
+ c64.low = val & 0xFFFFFFFF;
+ c64.high = val >> 32;
+ break;
case MEMORY_SWAP_ERROR:
mem_info = netsnmp_memory_get_byIdx( NETSNMP_MEM_TYPE_SWAP, 0 );
if (!mem_info)
diff --git a/agent/mibgroup/ucd-snmp/memory.h b/agent/mibgroup/ucd-snmp/memory.h
index ded2140227..54a56a2fdb 100644
--- a/agent/mibgroup/ucd-snmp/memory.h
+++ b/agent/mibgroup/ucd-snmp/memory.h
@@ -41,6 +41,7 @@ Netsnmp_Node_Handler handle_memory;
#define MEMORY_SHARED_X 24
#define MEMORY_BUFFER_X 25
#define MEMORY_CACHED_X 26
+#define MEMORY_SYS_AVAIL 27
#define MEMORY_SWAP_ERROR 100
#define MEMORY_SWAP_ERRMSG 101
#endif /* MEMORY_H */
diff --git a/include/net-snmp/agent/hardware/memory.h b/include/net-snmp/agent/hardware/memory.h
index 54265cf22a..aca3a4d00d 100644
--- a/include/net-snmp/agent/hardware/memory.h
+++ b/include/net-snmp/agent/hardware/memory.h
@@ -10,6 +10,7 @@ typedef struct netsnmp_memory_info_s netsnmp_memory_info;
#define NETSNMP_MEM_TYPE_SHARED 8
#define NETSNMP_MEM_TYPE_SHARED2 9
#define NETSNMP_MEM_TYPE_SWAP 10
+#define NETSNMP_MEM_TYPE_AVAILMEM 11
/* Leave space for individual swap devices */
#define NETSNMP_MEM_TYPE_MAX 30
diff --git a/mibs/UCD-SNMP-MIB.txt b/mibs/UCD-SNMP-MIB.txt
index cde67feb50..d360bad025 100644
--- a/mibs/UCD-SNMP-MIB.txt
+++ b/mibs/UCD-SNMP-MIB.txt
@@ -746,6 +746,22 @@ memCachedX OBJECT-TYPE
memory as specifically reserved for this purpose."
::= { memory 26 }
+memSysAvail OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ UNITS "kB"
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The total amount of available memory, which is an estimate
+ of how much memory is available for starting new applications,
+ without swapping.
+
+ This object will not be implemented on hosts where the
+ underlying operating system does not explicitly identify
+ memory as specifically reserved for this purpose."
+ ::= { memory 27 }
+
+
memSwapError OBJECT-TYPE
SYNTAX UCDErrorFlag
MAX-ACCESS read-only

@ -0,0 +1,92 @@
From c6facf2f080c9e1ea803e4884dc92889ec83d990 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Wed, 10 Oct 2018 21:42:35 -0700
Subject: [PATCH] snmplib/keytools: Fix a memory leak
Avoid that Valgrind reports the following memory leak:
17,328 bytes in 361 blocks are definitely lost in loss record 696 of 704
at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
by 0x52223B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x52DDB06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
by 0x4E9885D: generate_Ku (keytools.c:186)
by 0x40171F: asynchronous (leaktest.c:276)
by 0x400FE7: main (leaktest.c:356)
---
snmplib/keytools.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 2cf0240abf..dcdae044ac 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -186,11 +186,15 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
- if (!EVP_MD_CTX_init(ctx))
- return SNMPERR_GENERR;
+ if (!EVP_MD_CTX_init(ctx)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#endif
- if (!EVP_DigestInit(ctx, hashfn))
- return SNMPERR_GENERR;
+ if (!EVP_DigestInit(ctx, hashfn)) {
+ rval = SNMPERR_GENERR;
+ goto generate_Ku_quit;
+ }
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
From 67726f2a74007b5b4117fe49ca1e02c86110b624 Mon Sep 17 00:00:00 2001
From: Drew A Roedersheimer <Drew.A.Roedersheimer@leidos.com>
Date: Tue, 9 Oct 2018 23:28:25 +0000
Subject: [PATCH] snmplib: Fix a memory leak in scapi.c
This patch avoids that Valgrind reports the following leak:
==1069== 3,456 bytes in 72 blocks are definitely lost in loss record 1,568 of 1,616
==1069== at 0x4C29BE3: malloc (vg_replace_malloc.c:299)
==1069== by 0x70A63B7: CRYPTO_malloc (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x7161B06: EVP_MD_CTX_create (in /usr/lib64/libcrypto.so.1.0.2k)
==1069== by 0x4EA3017: sc_hash (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1CD8: hash_engineID (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA1DEC: search_enginetime_list (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EA2256: set_enginetime (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC495E: usm_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4EC58CA: usm_secmod_process_in_msg (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7B91D: snmpv3_parse (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7C1F6: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
==1069== by 0x4E7CE94: ??? (in /usr/lib64/libnetsnmp.so.31.0.2)
[ bvanassche: minimized diffs / edited commit message ]
---
snmplib/scapi.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index 8ad1d70d90..54310099d8 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -967,7 +967,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
/* requested hash function is not available */
- return SNMPERR_SC_NOT_CONFIGURED;
+ rval = SNMPERR_SC_NOT_CONFIGURED;
+ goto sc_hash_type_quit;
}
/** pass the data */
@@ -976,6 +977,8 @@ sc_hash_type(int auth_type, const u_char * buf, size_t buf_len, u_char * MAC,
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
+
+sc_hash_type_quit:
#if defined(HAVE_EVP_MD_CTX_FREE)
EVP_MD_CTX_free(cptr);
#elif defined(HAVE_EVP_MD_CTX_DESTROY)

@ -0,0 +1,35 @@
diff -urNp a/agent/mibgroup/hardware/memory/memory_linux.c b/agent/mibgroup/hardware/memory/memory_linux.c
--- a/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:36:40.164588176 +0200
+++ b/agent/mibgroup/hardware/memory/memory_linux.c 2020-06-10 13:38:59.398944829 +0200
@@ -29,7 +29,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
ssize_t bytes_read;
char *b;
unsigned long memtotal = 0, memfree = 0, memshared = 0,
- buffers = 0, cached = 0,
+ buffers = 0, cached = 0, sreclaimable = 0,
swaptotal = 0, swapfree = 0;
netsnmp_memory_info *mem;
@@ -127,6 +127,13 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (first)
snmp_log(LOG_ERR, "No SwapTotal line in /proc/meminfo\n");
}
+ b = strstr(buff, "SReclaimable: ");
+ if (b)
+ sscanf(b, "SReclaimable: %lu", &sreclaimable);
+ else {
+ if (first)
+ snmp_log(LOG_ERR, "No SReclaimable line in /proc/meminfo\n");
+ }
b = strstr(buff, "SwapFree: ");
if (b)
sscanf(b, "SwapFree: %lu", &swapfree);
@@ -183,7 +190,7 @@ int netsnmp_mem_arch_load( netsnmp_cache
if (!mem->descr)
mem->descr = strdup("Cached memory");
mem->units = 1024;
- mem->size = cached;
+ mem->size = cached+sreclaimable;
mem->free = 0; /* Report cached size/used as equal */
mem->other = -1;
}

@ -0,0 +1,83 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:12:19.583503903 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2018-07-18 16:50:38.599703588 +0200
@@ -102,7 +102,6 @@ netsnmp_swinst_arch_load( netsnmp_contai
rpmtd td_name, td_version, td_release, td_group, td_time;
#else
char *n, *v, *r, *g;
- int32_t *t;
#endif
time_t install_time;
size_t date_len;
@@ -146,14 +145,13 @@ netsnmp_swinst_arch_load( netsnmp_contai
install_time = rpmtdGetNumber(td_time);
g = rpmtdGetString(td_group);
#else
- headerGetEntry( h, RPMTAG_NAME, NULL, (void**)&n, NULL);
- headerGetEntry( h, RPMTAG_VERSION, NULL, (void**)&v, NULL);
- headerGetEntry( h, RPMTAG_RELEASE, NULL, (void**)&r, NULL);
- headerGetEntry( h, RPMTAG_GROUP, NULL, (void**)&g, NULL);
- headerGetEntry( h, RPMTAG_INSTALLTIME, NULL, (void**)&t, NULL);
+ n = headerGetString( h, RPMTAG_NAME);
+ v = headerGetString( h, RPMTAG_VERSION);
+ r = headerGetString( h, RPMTAG_RELEASE);
+ g = headerGetString( h, RPMTAG_GROUP);
+ install_time = headerGetNumber( h, RPMTAG_INSTALLTIME);
entry->swName_len = snprintf( entry->swName, sizeof(entry->swName),
"%s-%s-%s", n, v, r);
- install_time = *t;
#endif
entry->swType = (g && NULL != strstr( g, "System Environment"))
? 2 /* operatingSystem */
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2018-07-18 16:12:19.582503907 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2018-07-18 17:09:29.716564197 +0200
@@ -479,9 +479,9 @@ var_hrswinst(struct variable * vp,
}
#else
# ifdef HAVE_LIBRPM
- char *rpm_groups;
- if ( headerGetEntry(swi->swi_h, RPMTAG_GROUP, NULL, (void **) &rpm_groups, NULL) ) {
- if ( strstr(rpm_groups, "System Environment") != NULL )
+ const char *rpm_group = headerGetString(swi->swi_h, RPMTAG_GROUP);
+ if ( NULL != rpm_group ) {
+ if ( strstr(rpm_group, "System Environment") != NULL )
long_return = 2; /* operatingSystem */
else
long_return = 4; /* applcation */
@@ -498,9 +498,8 @@ var_hrswinst(struct variable * vp,
case HRSWINST_DATE:
{
#ifdef HAVE_LIBRPM
- int32_t *rpm_data;
- if ( headerGetEntry(swi->swi_h, RPMTAG_INSTALLTIME, NULL, (void **) &rpm_data, NULL) ) {
- time_t installTime = *rpm_data;
+ time_t installTime = headerGetNumber(swi->swi_h, RPMTAG_INSTALLTIME);
+ if ( 0 != installTime ) {
ret = date_n_time(&installTime, var_len);
} else {
ret = date_n_time(NULL, var_len);
@@ -660,7 +659,7 @@ Save_HR_SW_info(int ix)
if (1 <= ix && ix <= swi->swi_nrec && ix != swi->swi_prevx) {
int offset;
Header h;
- char *n, *v, *r;
+ const char *n, *v, *r;
offset = swi->swi_recs[ix - 1];
@@ -685,11 +684,9 @@ Save_HR_SW_info(int ix)
swi->swi_h = h;
swi->swi_prevx = ix;
- headerGetEntry(swi->swi_h, RPMTAG_NAME, NULL, (void **) &n, NULL);
- headerGetEntry(swi->swi_h, RPMTAG_VERSION, NULL, (void **) &v,
- NULL);
- headerGetEntry(swi->swi_h, RPMTAG_RELEASE, NULL, (void **) &r,
- NULL);
+ n = headerGetString(swi->swi_h, RPMTAG_NAME);
+ v = headerGetString(swi->swi_h, RPMTAG_VERSION);
+ r = headerGetString(swi->swi_h, RPMTAG_RELEASE);
snprintf(swi->swi_name, sizeof(swi->swi_name), "%s-%s-%s", n, v, r);
swi->swi_name[ sizeof(swi->swi_name)-1 ] = 0;
}

@ -0,0 +1,45 @@
diff -urNp a/man/netsnmp_config_api.3.def b/man/netsnmp_config_api.3.def
--- a/man/netsnmp_config_api.3.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/netsnmp_config_api.3.def 2018-07-18 11:20:04.631679886 +0200
@@ -295,7 +295,7 @@ for one particular machine.
.PP
The default list of directories to search is \fC SYSCONFDIR/snmp\fP,
followed by \fC DATADIR/snmp\fP,
-followed by \fC LIBDIR/snmp\fP,
+followed by \fC /usr/lib(64)/snmp\fP,
followed by \fC $HOME/.snmp\fP.
This list can be changed by setting the environmental variable
.I SNMPCONFPATH
@@ -367,7 +367,7 @@ A colon separated list of directories to
files in.
Default:
.br
-SYSCONFDIR/snmp:\:DATADIR/snmp:\:LIBDIR/snmp:\:$HOME/.snmp
+SYSCONFDIR/snmp:\:DATADIR/snmp:\:/usr/lib(64)/snmp:\:$HOME/.snmp
.SH "SEE ALSO"
netsnmp_mib_api(3), snmp_api(3)
.\" Local Variables:
diff -urNp a/man/snmp_config.5.def b/man/snmp_config.5.def
--- a/man/snmp_config.5.def 2018-07-18 11:18:06.194792767 +0200
+++ b/man/snmp_config.5.def 2018-07-18 11:20:56.423626117 +0200
@@ -10,7 +10,7 @@ First off, there are numerous places tha
found and read from. By default, the applications look for
configuration files in the following 4 directories, in order:
SYSCONFDIR/snmp,
-DATADIR/snmp, LIBDIR/snmp, and $HOME/.snmp. In each of these
+DATADIR/snmp, /usr/lib(64)/snmp, and $HOME/.snmp. In each of these
directories, it looks for files snmp.conf, snmpd.conf and/or
snmptrapd.conf, as well as snmp.local.conf, snmpd.local.conf
and/or snmptrapd.local.conf. *.local.conf are always
diff -urNp a/man/snmpd.conf.5.def b/man/snmpd.conf.5.def
--- a/man/snmpd.conf.5.def 2018-07-18 11:18:06.196792766 +0200
+++ b/man/snmpd.conf.5.def 2018-07-18 11:21:44.263574388 +0200
@@ -1559,7 +1559,7 @@ filename), and call the initialisation r
.RS
.IP "Note:"
If the specified PATH is not a fully qualified filename, it will
-be interpreted relative to LIBDIR/snmp/dlmod, and \fC.so\fR
+be interpreted relative to /usr/lib(64)/snmp/dlmod, and \fC.so\fR
will be appended to the filename.
.RE
.PP

@ -0,0 +1,12 @@
diff -ruNp a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
--- a/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:24:24.933347483 +0200
+++ b/agent/mibgroup/ucd-snmp/proxy.c 2020-06-10 09:25:49.007148474 +0200
@@ -460,7 +460,7 @@ proxy_handler(netsnmp_mib_handler *handl
if (sp->base_len &&
reqinfo->mode == MODE_GETNEXT &&
(snmp_oid_compare(ourname, ourlength,
- sp->base, sp->base_len) < 0)) {
+ sp->name, sp->name_len) < 0)) {
DEBUGMSGTL(( "proxy", "request is out of registered range\n"));
/*
* Create GETNEXT request with an OID so the

@ -0,0 +1,33 @@
From 6fd7499ccaafdf244a74306972562b2091cb91b1 Mon Sep 17 00:00:00 2001
From: fisabelle <fisabelle@broadsoft.com>
Date: Thu, 9 Jul 2020 15:49:35 -0400
Subject: [PATCH] Issue#147: Net-SNMP not responding when proxy requests times
out
---
agent/mibgroup/ucd-snmp/proxy.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/agent/mibgroup/ucd-snmp/proxy.c b/agent/mibgroup/ucd-snmp/proxy.c
index 24ae9322bd..e0ee96b29a 100644
--- a/agent/mibgroup/ucd-snmp/proxy.c
+++ b/agent/mibgroup/ucd-snmp/proxy.c
@@ -572,6 +572,17 @@ proxy_got_response(int operation, netsnmp_session * sess, int reqid,
}
switch (operation) {
+ case NETSNMP_CALLBACK_OP_RESEND:
+ /*
+ * Issue#147: Net-SNMP not responding when proxy requests times out
+ *
+ * When snmp_api issue a resend, the default case was hit and the
+ * delagated cache was freed.
+ * As a result, the NETSNMP_CALLBACK_OP_TIMED_OUT never came in.
+ */
+ DEBUGMSGTL(("proxy", "pdu has been resent for request = %8p\n", requests));
+ return SNMP_ERR_NOERROR;
+
case NETSNMP_CALLBACK_OP_TIMED_OUT:
/*
* WWWXXX: don't leave requests delayed if operation is

@ -0,0 +1,26 @@
diff -urNp a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c
--- a/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:32:43.330486233 +0200
+++ b/agent/mibgroup/host/data_access/swinst_rpm.c 2020-06-10 14:35:46.672298741 +0200
@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void)
snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath );
SNMP_FREE(rpmdbpath);
dbpath = NULL;
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
if (-1 == stat( pkg_directory, &stat_buf )) {
snmp_log(LOG_ERR, "Can't find directory of RPM packages");
pkg_directory[0] = '\0';
diff -urNp a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c
--- a/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:32:43.325486184 +0200
+++ b/agent/mibgroup/host/hr_swinst.c 2020-06-10 14:36:44.423872418 +0200
@@ -231,6 +231,9 @@ init_hr_swinst(void)
snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath);
path[ sizeof(path)-1 ] = 0;
swi->swi_directory = strdup(path);
+#ifdef HAVE_RPMGETPATH
+ rpmFreeRpmrc();
+#endif
}
#else
# ifdef _PATH_HRSW_directory

@ -0,0 +1,146 @@
diff -urNp a/include/net-snmp/library/snmpusm.h b/include/net-snmp/library/snmpusm.h
--- a/include/net-snmp/library/snmpusm.h 2020-03-16 09:54:29.883655600 +0100
+++ b/include/net-snmp/library/snmpusm.h 2020-03-16 09:55:24.142944520 +0100
@@ -43,6 +43,7 @@ extern "C" {
* Structures.
*/
struct usmStateReference {
+ int refcnt;
char *usr_name;
size_t usr_name_length;
u_char *usr_engine_id;
diff -urNp a/snmplib/snmp_client.c b/snmplib/snmp_client.c
--- a/snmplib/snmp_client.c 2020-03-16 09:54:29.892655813 +0100
+++ b/snmplib/snmp_client.c 2020-03-16 09:58:13.214021890 +0100
@@ -402,27 +402,16 @@ _clone_pdu_header(netsnmp_pdu *pdu)
return NULL;
}
- if (pdu->securityStateRef &&
- pdu->command == SNMP_MSG_TRAP2) {
-
- ret = usm_clone_usmStateReference((struct usmStateReference *) pdu->securityStateRef,
- (struct usmStateReference **) &newpdu->securityStateRef );
-
- if (ret)
- {
+ sptr = find_sec_mod(newpdu->securityModel);
+ if (sptr && sptr->pdu_clone) {
+ /* call security model if it needs to know about this */
+ ret = sptr->pdu_clone(pdu, newpdu);
+ if (ret) {
snmp_free_pdu(newpdu);
return NULL;
}
}
- if ((sptr = find_sec_mod(newpdu->securityModel)) != NULL &&
- sptr->pdu_clone != NULL) {
- /*
- * call security model if it needs to know about this
- */
- (*sptr->pdu_clone) (pdu, newpdu);
- }
-
return newpdu;
}
diff -urNp a/snmplib/snmpusm.c b/snmplib/snmpusm.c
--- a/snmplib/snmpusm.c 2020-03-16 09:54:29.894655860 +0100
+++ b/snmplib/snmpusm.c 2020-03-16 10:03:38.870027530 +0100
@@ -285,43 +285,64 @@ free_enginetime_on_shutdown(int majorid,
struct usmStateReference *
usm_malloc_usmStateReference(void)
{
- struct usmStateReference *retval = (struct usmStateReference *)
- calloc(1, sizeof(struct usmStateReference));
+ struct usmStateReference *retval;
+
+ retval = calloc(1, sizeof(struct usmStateReference));
+ if (retval)
+ retval->refcnt = 1;
return retval;
} /* end usm_malloc_usmStateReference() */
+static int
+usm_clone(netsnmp_pdu *pdu, netsnmp_pdu *new_pdu)
+{
+ struct usmStateReference *ref = pdu->securityStateRef;
+ struct usmStateReference **new_ref =
+ (struct usmStateReference **)&new_pdu->securityStateRef;
+ int ret = 0;
+
+ if (!ref)
+ return ret;
+
+ if (pdu->command == SNMP_MSG_TRAP2) {
+ netsnmp_assert(pdu->securityModel == SNMP_DEFAULT_SECMODEL);
+ ret = usm_clone_usmStateReference(ref, new_ref);
+ } else {
+ netsnmp_assert(ref == *new_ref);
+ ref->refcnt++;
+ }
+
+ return ret;
+}
+
void
usm_free_usmStateReference(void *old)
{
- struct usmStateReference *old_ref = (struct usmStateReference *) old;
+ struct usmStateReference *ref = old;
- if (old_ref) {
+ if (!ref)
+ return;
- if (old_ref->usr_name_length)
- SNMP_FREE(old_ref->usr_name);
- if (old_ref->usr_engine_id_length)
- SNMP_FREE(old_ref->usr_engine_id);
- if (old_ref->usr_auth_protocol_length)
- SNMP_FREE(old_ref->usr_auth_protocol);
- if (old_ref->usr_priv_protocol_length)
- SNMP_FREE(old_ref->usr_priv_protocol);
-
- if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
- SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
- SNMP_FREE(old_ref->usr_auth_key);
- }
- if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
- SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
- SNMP_FREE(old_ref->usr_priv_key);
- }
+ if (--ref->refcnt > 0)
+ return;
- SNMP_ZERO(old_ref, sizeof(*old_ref));
- SNMP_FREE(old_ref);
+ SNMP_FREE(ref->usr_name);
+ SNMP_FREE(ref->usr_engine_id);
+ SNMP_FREE(ref->usr_auth_protocol);
+ SNMP_FREE(ref->usr_priv_protocol);
+ if (ref->usr_auth_key_length && ref->usr_auth_key) {
+ SNMP_ZERO(ref->usr_auth_key, ref->usr_auth_key_length);
+ SNMP_FREE(ref->usr_auth_key);
+ }
+ if (ref->usr_priv_key_length && ref->usr_priv_key) {
+ SNMP_ZERO(ref->usr_priv_key, ref->usr_priv_key_length);
+ SNMP_FREE(ref->usr_priv_key);
}
+ SNMP_FREE(ref);
} /* end usm_free_usmStateReference() */
struct usmUser *
@@ -3316,6 +3337,7 @@ init_usm(void)
def->encode_reverse = usm_secmod_rgenerate_out_msg;
def->encode_forward = usm_secmod_generate_out_msg;
def->decode = usm_secmod_process_in_msg;
+ def->pdu_clone = usm_clone;
def->pdu_free_state_ref = usm_free_usmStateReference;
def->session_setup = usm_session_init;
def->handle_report = usm_handle_report;

@ -0,0 +1,84 @@
diff -urNp a/agent/snmp_agent.c b/agent/snmp_agent.c
--- a/agent/snmp_agent.c 2020-06-11 10:20:31.646339191 +0200
+++ b/agent/snmp_agent.c 2020-06-11 10:23:41.178056889 +0200
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
- /* Clean up securityStateRef here to prevent a double free */
- if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
- snmp_free_securityStateRef(asp->orig_pdu);
- if (asp->pdu && asp->pdu->securityStateRef)
- snmp_free_securityStateRef(asp->pdu);
-
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
--- a/include/net-snmp/pdu_api.h 2020-06-11 10:20:31.631339058 +0200
+++ b/include/net-snmp/pdu_api.h 2020-06-11 10:24:17.261390028 +0200
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp a/snmplib/snmp_api.c b/snmplib/snmp_api.c
--- a/snmplib/snmp_api.c 2020-06-11 10:20:31.695339627 +0200
+++ b/snmplib/snmp_api.c 2020-06-11 10:33:55.510891945 +0200
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
- free_securityStateRef(pdu);
-}
-
#define ERROR_STAT_LENGTH 11
int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
if (!pdu)
return;
+ free_securityStateRef(pdu);
+
/*
* If the command field is empty, that probably indicates
* that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *ses
}
if (ret != SNMP_ERR_NOERROR) {
- /*
- * Call the security model to free any securityStateRef supplied w/ msg.
- */
- if (pdu->securityStateRef != NULL) {
- free_securityStateRef(pdu);
- }
snmp_free_pdu(pdu);
return NULL;
}
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *se
}
}
- /*
- * Call USM to free any securityStateRef supplied with the message.
- */
- if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
- free_securityStateRef(pdu);
-
if (!handled) {
if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
return -2;

@ -0,0 +1,12 @@
diff -urNp a/snmplib/transports/snmpUDPBaseDomain.c b/snmplib/transports/snmpUDPBaseDomain.c
--- a/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:20:56.776099134 +0200
+++ b/snmplib/transports/snmpUDPBaseDomain.c 2023-08-01 08:23:18.921323874 +0200
@@ -293,7 +293,7 @@ int netsnmp_udpbase_sendto(int fd, const
}
rc = sendmsg(fd, &m, MSG_NOSIGNAL|MSG_DONTWAIT);
- if (rc >= 0 || errno != EINVAL)
+ if (rc >= 0 || (errno != EINVAL && errno != ENETUNREACH))
return rc;
/*

@ -0,0 +1,30 @@
Don't check tests which depend on DNS - it's disabled in Koji
diff -urNp a/testing/fulltests/default/T070com2sec_simple b/testing/fulltests/default/T070com2sec_simple
--- a/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:52:56.081185545 +0200
+++ b/testing/fulltests/default/T070com2sec_simple 2018-07-18 11:54:18.843968880 +0200
@@ -134,6 +134,10 @@ SAVECHECKAGENT '<"c406a", 255.255.255.25
SAVECHECKAGENT 'line 30: Error:' # msg from h_strerror so it varies
SAVECHECKAGENT 'line 31: Error:' # msg from h_strerror so it varies
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
CHECKAGENT '<"c408a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then
CHECKAGENT 'line 32: Error:'
diff -urNp a/testing/fulltests/default/T071com2sec6_simple b/testing/fulltests/default/T071com2sec6_simple
--- a/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:52:56.080185548 +0200
+++ b/testing/fulltests/default/T071com2sec6_simple 2018-07-18 11:55:17.779818732 +0200
@@ -132,6 +132,10 @@ SAVECHECKAGENT '<"c606a", ffff:ffff:ffff
SAVECHECKAGENT 'line 27: Error:'
SAVECHECKAGENT 'line 28: Error:'
+FINISHED
+
+# don't test the rest, it depends on DNS, which is not available in Koji
+
# 608
CHECKAGENT '<"c608a"'
if [ "$snmp_last_test_result" -eq 0 ] ; then

@ -0,0 +1,21 @@
diff -urNp old/snmplib/transports/snmpUDPIPv4BaseDomain.c new/snmplib/transports/snmpUDPIPv4BaseDomain.c
--- old/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:40:48.663969034 +0200
+++ new/snmplib/transports/snmpUDPIPv4BaseDomain.c 2019-06-27 08:42:05.293723487 +0200
@@ -317,7 +317,7 @@ netsnmp_udpipv4base_tspec_transport(nets
if (NULL != tspec->source) {
struct sockaddr_in src_addr, *srcp = &src_addr;
/** get sockaddr from source */
- if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL))
+ if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0"))
return NULL;
return netsnmp_udpipv4base_transport_with_source(&addr, local, srcp);
} else {
@@ -364,7 +364,7 @@ netsnmp_udpipv4base_transport(const stru
strcat(client_address, ":0");
have_port = 1;
}
- rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL);
+ rc = netsnmp_sockaddr_in2(&client_addr, client_socket, ":0");
if (client_address != client_socket)
free(client_address);
if(rc) {

@ -0,0 +1,11 @@
diff -urNp a/agent/snmpd.c b/agent/snmpd.c
--- a/agent/snmpd.c 2018-10-04 10:34:10.939728847 +0200
+++ b/agent/snmpd.c 2018-10-04 10:34:43.910625603 +0200
@@ -325,6 +325,7 @@ usage(char *prog)
" -S d|i|0-7\t\tuse -Ls <facility> instead\n"
"\n"
);
+ exit(1);
}
static void

@ -0,0 +1,13 @@
diff -urNp a/snmplib/cert_util.c b/snmplib/cert_util.c
--- a/snmplib/cert_util.c 2021-12-09 08:45:23.217942229 +0100
+++ b/snmplib/cert_util.c 2021-12-09 08:46:56.567562352 +0100
@@ -1368,8 +1368,7 @@ _add_certfile(const char* dirname, const
okey = PEM_read_bio_PrivateKey(certbio, NULL, NULL, NULL);
if (NULL == okey)
- snmp_log(LOG_ERR, "error parsing key file %s\n",
- key->info.filename);
+ snmp_log(LOG_ERR, "error parsing key file %s\n", filename);
else {
key = _add_key(okey, dirname, filename, index);
if (NULL == key) {

@ -0,0 +1,357 @@
diff -urNp c/agent/snmp_agent.c d/agent/snmp_agent.c
--- c/agent/snmp_agent.c 2019-09-18 08:44:53.833601845 +0200
+++ d/agent/snmp_agent.c 2019-09-18 08:46:38.176595597 +0200
@@ -1604,6 +1604,13 @@ free_agent_snmp_session(netsnmp_agent_se
DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
asp, asp->reqinfo));
+
+ /* Clean up securityStateRef here to prevent a double free */
+ if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->orig_pdu);
+ if (asp->pdu && asp->pdu->securityStateRef)
+ snmp_free_securityStateRef(asp->pdu);
+
if (asp->orig_pdu)
snmp_free_pdu(asp->orig_pdu);
if (asp->pdu)
diff -urNp c/include/net-snmp/pdu_api.h d/include/net-snmp/pdu_api.h
--- c/include/net-snmp/pdu_api.h 2019-09-18 08:44:53.822601740 +0200
+++ d/include/net-snmp/pdu_api.h 2019-09-18 08:47:03.620838212 +0200
@@ -19,6 +19,8 @@ NETSNMP_IMPORT
netsnmp_pdu *snmp_fix_pdu( netsnmp_pdu *pdu, int idx);
NETSNMP_IMPORT
void snmp_free_pdu( netsnmp_pdu *pdu);
+NETSNMP_IMPORT
+void snmp_free_securityStateRef( netsnmp_pdu *pdu);
#ifdef __cplusplus
}
diff -urNp c/snmplib/snmp_api.c d/snmplib/snmp_api.c
--- c/snmplib/snmp_api.c 2019-09-18 08:44:53.807601597 +0200
+++ d/snmplib/snmp_api.c 2019-09-18 08:53:19.937435576 +0200
@@ -4012,7 +4012,12 @@ snmpv3_parse(netsnmp_pdu *pdu,
static void
free_securityStateRef(netsnmp_pdu* pdu)
{
- struct snmp_secmod_def *sptr = find_sec_mod(pdu->securityModel);
+ struct snmp_secmod_def *sptr;
+
+ if(!pdu->securityStateRef)
+ return;
+
+ sptr = find_sec_mod(pdu->securityModel);
if (sptr) {
if (sptr->pdu_free_state_ref) {
(*sptr->pdu_free_state_ref) (pdu->securityStateRef);
@@ -4029,6 +4034,17 @@ free_securityStateRef(netsnmp_pdu* pdu)
pdu->securityStateRef = NULL;
}
+/*
+ * This function is here to provide a separate call to
+ * free the securityStateRef memory. This is needed to prevent
+ * a double free if this memory is freed in snmp_free_pdu.
+ */
+void
+snmp_free_securityStateRef(netsnmp_pdu* pdu)
+{
+ free_securityStateRef(pdu);
+}
+
#define ERROR_STAT_LENGTH 11
int
diff -urNp c/snmplib/snmpusm.c d/snmplib/snmpusm.c
--- c/snmplib/snmpusm.c 2019-09-18 08:44:53.802601550 +0200
+++ d/snmplib/snmpusm.c 2019-09-18 08:57:35.696872662 +0200
@@ -299,16 +299,20 @@ usm_free_usmStateReference(void *old)
if (old_ref) {
- SNMP_FREE(old_ref->usr_name);
- SNMP_FREE(old_ref->usr_engine_id);
- SNMP_FREE(old_ref->usr_auth_protocol);
- SNMP_FREE(old_ref->usr_priv_protocol);
+ if (old_ref->usr_name_length)
+ SNMP_FREE(old_ref->usr_name);
+ if (old_ref->usr_engine_id_length)
+ SNMP_FREE(old_ref->usr_engine_id);
+ if (old_ref->usr_auth_protocol_length)
+ SNMP_FREE(old_ref->usr_auth_protocol);
+ if (old_ref->usr_priv_protocol_length)
+ SNMP_FREE(old_ref->usr_priv_protocol);
- if (old_ref->usr_auth_key) {
+ if (old_ref->usr_auth_key_length && old_ref->usr_auth_key) {
SNMP_ZERO(old_ref->usr_auth_key, old_ref->usr_auth_key_length);
SNMP_FREE(old_ref->usr_auth_key);
}
- if (old_ref->usr_priv_key) {
+ if (old_ref->usr_priv_key_length && old_ref->usr_priv_key) {
SNMP_ZERO(old_ref->usr_priv_key, old_ref->usr_priv_key_length);
SNMP_FREE(old_ref->usr_priv_key);
}
@@ -1039,7 +1043,6 @@ usm_generate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User(%s)\n", secName));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1091,7 +1094,6 @@ usm_generate_out_msg(int msgProcModel,
thePrivProtocolLength) == 1) {
DEBUGMSGTL(("usm", "Unsupported Security Level (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1121,7 +1123,6 @@ usm_generate_out_msg(int msgProcModel,
&msgAuthParmLen, &msgPrivParmLen, &otstlen,
&seq_len, &msgSecParmLen) == -1) {
DEBUGMSGTL(("usm", "Failed calculating offsets.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1143,7 +1144,6 @@ usm_generate_out_msg(int msgProcModel,
ptr = *wholeMsg = globalData;
if (theTotalLength > *wholeMsgLen) {
DEBUGMSGTL(("usm", "Message won't fit in buffer.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1169,7 +1169,6 @@ usm_generate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
&ptr[privParamsOffset]) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1185,7 +1184,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[privParamsOffset])
== -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
}
@@ -1198,7 +1196,6 @@ usm_generate_out_msg(int msgProcModel,
&ptr[dataOffset], &encrypted_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
#ifdef NETSNMP_ENABLE_TESTING_CODE
@@ -1226,7 +1223,6 @@ usm_generate_out_msg(int msgProcModel,
if ((encrypted_length != (theTotalLength - dataOffset))
|| (salt_length != msgPrivParmLen)) {
DEBUGMSGTL(("usm", "encryption length error.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1362,7 +1358,6 @@ usm_generate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1376,7 +1371,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1384,7 +1378,6 @@ usm_generate_out_msg(int msgProcModel,
SNMP_ZERO(temp_sig, temp_sig_len);
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1398,7 +1391,6 @@ usm_generate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
@@ -1548,7 +1540,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if ((user = usm_get_user(secEngineID, secEngineIDLen, secName))
== NULL && secLevel != SNMP_SEC_LEVEL_NOAUTH) {
DEBUGMSGTL(("usm", "Unknown User\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNKNOWNSECURITYNAME;
}
@@ -1601,7 +1592,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm", "Unsupported Security Level or type (%d)\n",
theSecLevel));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_UNSUPPORTEDSECURITYLEVEL;
}
@@ -1636,7 +1626,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGMSGTL(("usm",
"couldn't malloc %d bytes for encrypted PDU\n",
(int)ciphertextlen));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_MALLOC;
}
@@ -1652,7 +1641,6 @@ usm_rgenerate_out_msg(int msgProcModel,
htonl(boots_uint), htonl(time_uint),
iv) == -1) {
DEBUGMSGTL(("usm", "Can't set AES iv.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1667,7 +1655,6 @@ usm_rgenerate_out_msg(int msgProcModel,
thePrivKeyLength - 8,
iv) == -1)) {
DEBUGMSGTL(("usm", "Can't set DES-CBC salt.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_GENERICERROR;
}
@@ -1686,7 +1673,6 @@ usm_rgenerate_out_msg(int msgProcModel,
scopedPdu, scopedPduLen,
ciphertext, &ciphertextlen) != SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "encryption error.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1703,7 +1689,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ciphertext, ciphertextlen);
if (rc == 0) {
DEBUGMSGTL(("usm", "Encryption failed.\n"));
- usm_free_usmStateReference(secStateRef);
SNMP_FREE(ciphertext);
return SNMPERR_USM_ENCRYPTIONERROR;
}
@@ -1743,7 +1728,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building privParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1766,7 +1750,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1789,7 +1772,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building authParams failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1805,7 +1787,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineTime failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1821,7 +1802,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm",
"building msgAuthoritativeEngineBoots failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1833,7 +1813,6 @@ usm_rgenerate_out_msg(int msgProcModel,
DEBUGINDENTLESS();
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgAuthoritativeEngineID failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1846,7 +1825,6 @@ usm_rgenerate_out_msg(int msgProcModel,
*offset - sp_offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building usm security parameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1860,7 +1838,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (rc == 0) {
DEBUGMSGTL(("usm", "building msgSecurityParameters failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1870,7 +1847,6 @@ usm_rgenerate_out_msg(int msgProcModel,
while ((*wholeMsgLen - *offset) < globalDataLen) {
if (!asn_realloc(wholeMsg, wholeMsgLen)) {
DEBUGMSGTL(("usm", "building global data failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
}
@@ -1886,7 +1862,6 @@ usm_rgenerate_out_msg(int msgProcModel,
ASN_CONSTRUCTOR), *offset);
if (rc == 0) {
DEBUGMSGTL(("usm", "building master packet sequence failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_TOO_LONG;
}
@@ -1904,7 +1879,6 @@ usm_rgenerate_out_msg(int msgProcModel,
if (temp_sig == NULL) {
DEBUGMSGTL(("usm", "Out of memory.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_GENERICERROR;
}
@@ -1915,14 +1889,12 @@ usm_rgenerate_out_msg(int msgProcModel,
!= SNMP_ERR_NOERROR) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
if (temp_sig_len != msgAuthParmLen) {
SNMP_FREE(temp_sig);
DEBUGMSGTL(("usm", "Signing lengths failed.\n"));
- usm_free_usmStateReference(secStateRef);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}
@@ -1933,7 +1905,6 @@ usm_rgenerate_out_msg(int msgProcModel,
/*
* endif -- create keyed hash
*/
- usm_free_usmStateReference(secStateRef);
DEBUGMSGTL(("usm", "USM processing completed.\n"));
return SNMPERR_SUCCESS;
} /* end usm_rgenerate_out_msg() */

@ -0,0 +1,62 @@
#!/bin/sh
#
# net-snmp-config
#
# this shell script is designed to merely dump the configuration
# information about how the net-snmp package was compiled. The
# information is particularily useful for applications that need to
# link against the net-snmp libraries and hence must know about any
# other libraries that must be linked in as well.
# this particular shell script calls arch specific script to avoid
# multilib conflicts
# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64
arch=`arch`
echo $arch | grep -q i.86
if [ $? -eq 0 ] ; then
net-snmp-config-i386 $*
exit 0
fi
if [ "$arch" = "ia64" ] ; then
net-snmp-config-ia64 $*
exit 0
fi
if [ "$arch" = "ppc" ] ; then
net-snmp-config-ppc $*
exit 0
fi
if [ "$arch" = "ppc64" ] ; then
net-snmp-config-ppc64 $*
exit 0
fi
if [ "$arch" = "s390" ] ; then
net-snmp-config-s390 $*
exit 0
fi
if [ "$arch" = "s390x" ] ; then
net-snmp-config-s390x $*
exit 0
fi
if [ "$arch" = "x86_64" ] ; then
net-snmp-config-x86_64 $*
exit 0
fi
if [ "$arch" = "alpha" ] ; then
net-snmp-config-alpha $*
exit 0
fi
if [ "$arch" = "sparc" ] ; then
net-snmp-config-sparc $*
exit 0
fi
if [ "$arch" = "sparc64" ] ; then
net-snmp-config-sparc64 $*
exit 0
fi
if [ "$arch" = "aarch64" ] ; then
net-snmp-config-aarch64 $*
exit 0
fi
echo "Cannot determine architecture"

@ -0,0 +1,38 @@
/* This file is here to prevent a file conflict on multiarch systems. A
* conflict will frequently occur because arch-specific build-time
* configuration options are stored (and used, so they can't just be stripped
* out) in net-snmp-config.h. The original net-snmp-config.h has been renamed.
* DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
#ifdef net_snmp_config_multilib_redirection_h
#error "Do not define net_snmp_config_multilib_redirection_h!"
#endif
#define net_snmp_config_multilib_redirection_h
#if defined(__i386__)
#include "net-snmp-config-i386.h"
#elif defined(__ia64__)
#include "net-snmp-config-ia64.h"
#elif defined(__powerpc64__)
#include "net-snmp-config-ppc64.h"
#elif defined(__powerpc__)
#include "net-snmp-config-ppc.h"
#elif defined(__s390x__)
#include "net-snmp-config-s390x.h"
#elif defined(__s390__)
#include "net-snmp-config-s390.h"
#elif defined(__x86_64__)
#include "net-snmp-config-x86_64.h"
#elif defined(__alpha__)
#include "net-snmp-config-alpha.h"
#elif defined(__sparc__) && defined (__arch64__)
#include "net-snmp-config-sparc64.h"
#elif defined(__sparc__)
#include "net-snmp-config-sparc.h"
#elif defined(__aarch64__)
#include "net-snmp-config-aarch64.h"
#else
#error "net-snmp-devel package does not work on your architecture"
#endif
#undef net_snmp_config_multilib_redirection_h

@ -0,0 +1 @@
d /run/net-snmp 0755 root root

@ -0,0 +1,6 @@
# Example configuration file for snmptrapd
#
# No traps are handled by default, you must edit this file!
#
# authCommunity log,execute,net public
# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold

@ -0,0 +1,462 @@
###############################################################################
#
# snmpd.conf:
# An example configuration file for configuring the ucd-snmp snmpd agent.
#
###############################################################################
#
# This file is intended to only be as a starting point. Many more
# configuration directives exist than are mentioned in this file. For
# full details, see the snmpd.conf(5) manual page.
#
# All lines beginning with a '#' are comments and are intended for you
# to read. All other lines are configuration commands for the agent.
###############################################################################
# Access Control
###############################################################################
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes. Examples are shown below about how to increase the
# level of access.
# By far, the most common question I get about the agent is "why won't
# it work?", when really it should be "how do I configure the agent to
# allow me to access it?"
#
# By default, the agent responds to the "public" community for read
# only access, if run out of the box without any configuration file in
# place. The following examples show you other ways of configuring
# the agent so that you can change the community names, and give
# yourself write access to the mib tree as well.
#
# For more information, read the FAQ as well as the snmpd.conf(5)
# manual page.
####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser default public
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights to:
# Make at least snmpwalk -v 1 localhost -c public system fast again.
# name incl/excl subtree mask(optional)
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
####
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
# restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any otherv3user
#...
## incl/excl subtree mask
#view all included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
###############################################################################
# Sample configuration to make net-snmpd RFC 1213.
# Unfortunately v1 and v2c don't allow any user based authentification, so
# opening up the default config is not an option from a security point.
#
# WARNING: If you uncomment the following lines you allow write access to your
# snmpd daemon from any source! To avoid this use different names for your
# community or split out the write access to a different community and
# restrict it to your local network.
# Also remember to comment the syslocation and syscontact parameters later as
# otherwise they are still read only (see FAQ for net-snmp).
#
# First, map the community name "public" into a "security name"
# sec.name source community
#com2sec notConfigUser default public
# Second, map the security name into a group name:
# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
# Third, create a view for us to let the group have rights to:
# Open up the whole tree for ro, make the RFC 1213 required ones rw.
# name incl/excl subtree mask(optional)
#view roview included .1
#view rwview included system.sysContact
#view rwview included system.sysName
#view rwview included system.sysLocation
#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus
#view rwview included at.atTable.atEntry.atPhysAddress
#view rwview included at.atTable.atEntry.atNetAddress
#view rwview included ip.ipForwarding
#view rwview included ip.ipDefaultTTL
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask
#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress
#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType
#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState
#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger
#view rwview included snmp.snmpEnableAuthenTraps
# Finally, grant the group read-only access to the systemview view.
# group context sec.model sec.level prefix read write notif
#access notConfigGroup "" any noauth exact roview rwview none
###############################################################################
# System contact information
#
# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
# Example output of snmpwalk:
# % snmpwalk -v 1 localhost -c public system
# system.sysDescr.0 = "SunOS name sun4c"
# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
# system.sysContact.0 = "Me <me@somewhere.org>"
# system.sysName.0 = "name"
# system.sysLocation.0 = "Right here, right now."
# system.sysServices.0 = 72
###############################################################################
# Logging
#
# We do not want annoying "Connection from UDP: " messages in syslog.
# If the following option is commented out, snmpd will print each incoming
# connection, which can be useful for debugging.
dontLogTCPWrappersConnects yes
# -----------------------------------------------------------------------------
###############################################################################
# Process checks.
#
# The following are examples of how to use the agent to check for
# processes running on the host. The syntax looks something like:
#
# proc NAME [MAX=0] [MIN=0]
#
# NAME: the name of the process to check for. It must match
# exactly (ie, http will not find httpd processes).
# MAX: the maximum number allowed to be running. Defaults to 0.
# MIN: the minimum number to be running. Defaults to 0.
#
# Examples (commented out by default):
#
# Make sure mountd is running
#proc mountd
# Make sure there are no more than 4 ntalkds running, but 0 is ok too.
#proc ntalkd 4
# Make sure at least one sendmail, but less than or equal to 10 are running.
#proc sendmail 10 1
# A snmpwalk of the process mib tree would look something like this:
#
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2
# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
#
# Note that the errorFlag for mountd is set to 1 because one is not
# running (in this case an rpc.mountd is, but thats not good enough),
# and the ErrMessage tells you what's wrong. The configuration
# imposed in the snmpd.conf file is also shown.
#
# Special Case: When the min and max numbers are both 0, it assumes
# you want a max of infinity and a min of 1.
#
# -----------------------------------------------------------------------------
###############################################################################
# Executables/scripts
#
#
# You can also have programs run by the agent that return a single
# line of output and an exit code. Here are two examples.
#
# exec NAME PROGRAM [ARGS ...]
#
# NAME: A generic name. The name must be unique for each exec statement.
# PROGRAM: The program to run. Include the path!
# ARGS: optional arguments to be passed to the program
# a simple hello world
#exec echotest /bin/echo hello world
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
#exec shelltest /bin/sh /tmp/shtest
# Then,
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8
# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
# Note that the second line of the /tmp/shtest shell script is cut
# off. Also note that the exit status of 35 was returned.
# -----------------------------------------------------------------------------
###############################################################################
# disk checks
#
# The agent can check the amount of available disk space, and make
# sure it is above a set limit.
# disk PATH [MIN=100000]
#
# PATH: mount path to the disk in question.
# MIN: Disks with space below this value will have the Mib's errorFlag set.
# Default value = 100000.
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F
# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
# -----------------------------------------------------------------------------
###############################################################################
# load average checks
#
# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0]
#
# 1MAX: If the 1 minute load average is above this limit at query
# time, the errorFlag will be set.
# 5MAX: Similar, but for 5 min average.
# 15MAX: Similar, but for 15 min average.
# Check for loads:
#load 12 14 14
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31
# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
# -----------------------------------------------------------------------------
###############################################################################
# Extensible sections.
#
# This alleviates the multiple line output problem found in the
# previous executable mib by placing each mib in its own mib table:
# Run a shell script containing:
#
# #!/bin/sh
# echo hello world
# echo hi there
# exit 35
#
# Note: this has been specifically commented out to prevent
# accidental security holes due to someone else on your system writing
# a /tmp/shtest before you do. Uncomment to use it.
#
# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50
# enterprises.ucdavis.50.1.1 = 1
# enterprises.ucdavis.50.2.1 = "shelltest"
# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
# enterprises.ucdavis.50.100.1 = 35
# enterprises.ucdavis.50.101.1 = "hello world."
# enterprises.ucdavis.50.101.2 = "hi there."
# enterprises.ucdavis.50.102.1 = 0
# Now the Output has grown to two lines, and we can see the 'hi
# there.' output as the second line from our shell script.
#
# Note that you must alter the mib.txt file to be correct if you want
# the .50.* outputs above to change to reasonable text descriptions.
# Other ideas:
#
# exec .1.3.6.1.4.1.2021.51 ps /bin/ps
# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
# -----------------------------------------------------------------------------
###############################################################################
# Pass through control.
#
# Usage:
# pass MIBOID EXEC-COMMAND
#
# This will pass total control of the mib underneath the MIBOID
# portion of the mib to the EXEC-COMMAND.
#
# Note: You'll have to change the path of the passtest script to your
# source directory or install it in the given location.
#
# Example: (see the script for details)
# (commented out here since it requires that you place the
# script in the right location. (its not installed by default))
# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255
# enterprises.ucdavis.255.1 = "life the universe and everything"
# enterprises.ucdavis.255.2.1 = 42
# enterprises.ucdavis.255.2.2 = OID: 42.42.42
# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
# enterprises.ucdavis.255.5 = 42
# enterprises.ucdavis.255.6 = Gauge: 42
#
# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5
# enterprises.ucdavis.255.5 = 42
#
# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string"
# enterprises.ucdavis.255.1 = "New string"
#
# For specific usage information, see the man/snmpd.conf.5 manual page
# as well as the local/passtest script used in the above example.
###############################################################################
# Further Information
#
# See the snmpd.conf manual page, and the output of "snmpd -H".

@ -0,0 +1,3 @@
# snmpd command line options
# '-f' is implicitly added by snmpd systemd unit file
# OPTIONS="-LS0-6d"

@ -0,0 +1,3 @@
# snmptrapd command line options
# '-f' is implicitly added by snmptrapd systemd unit file
# OPTIONS="-Lsd"

@ -0,0 +1,13 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Daemon.
After=syslog.target network-online.target
[Service]
Type=notify
Environment=OPTIONS="-LS0-6d"
EnvironmentFile=-/etc/sysconfig/snmpd
ExecStart=/usr/sbin/snmpd $OPTIONS -f
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

@ -0,0 +1,13 @@
[Unit]
Description=Simple Network Management Protocol (SNMP) Trap Daemon.
After=syslog.target network-online.target
[Service]
Type=notify
Environment=OPTIONS="-Lsd"
EnvironmentFile=-/etc/sysconfig/snmptrapd
ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save