diff options
author | Junling Zheng <zhengjunling@huawei.com> | 2015-05-04 03:22:26 +0000 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2015-05-08 15:40:28 -0400 |
commit | ff3c52f44da3cd8c2e350677c85d161b9819ddcc (patch) | |
tree | 15dfe1c1af0d0424bc26d82b7f1e43264c3e16c6 /meta-networking/recipes-protocols/net-snmp/net-snmp | |
parent | 2cb54ed8a103c56fcf42d4a363d175dbdc094489 (diff) | |
download | meta-openembedded-contrib-ff3c52f44da3cd8c2e350677c85d161b9819ddcc.tar.gz |
net-snmp: fix CVE-2014-2285
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
remote attackers to cause a denial of service (snmptrapd crash) via an
empty community string in an SNMP trap, which triggers a NULL pointer
dereference within the newSVpv function in Perl.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Diffstat (limited to 'meta-networking/recipes-protocols/net-snmp/net-snmp')
-rw-r--r-- | meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Fix-CVE-2014-2285.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Fix-CVE-2014-2285.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Fix-CVE-2014-2285.patch new file mode 100644 index 0000000000..b1514b97f9 --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/0001-Fix-CVE-2014-2285.patch @@ -0,0 +1,49 @@ +From 87a0d27102ceffb92e5c1d6fbbd24972a9dd33ac Mon Sep 17 00:00:00 2001 +From: Junling Zheng <zhengjunling@huawei.com> +Date: Mon, 20 Apr 2015 10:23:08 +0000 +Subject: [PATCH] Fix CVE-2014-2285 + +Sending SNMP trap with empty community string crashes snmptrapd if Perl +handler is enabled. + +Refer to: +https://bugzilla.redhat.com/show_bug.cgi?id=1072044 + +Upstream Status: Backported + +Signed-off-by: Junling Zheng <zhengjunling@huawei.com> +--- + perl/TrapReceiver/TrapReceiver.xs | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/perl/TrapReceiver/TrapReceiver.xs b/perl/TrapReceiver/TrapReceiver.xs +index 531bfa4..ac94370 100644 +--- a/perl/TrapReceiver/TrapReceiver.xs ++++ b/perl/TrapReceiver/TrapReceiver.xs +@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu *pdu, + STOREPDUi("securitymodel", pdu->securityModel); + STOREPDUi("securitylevel", pdu->securityLevel); + STOREPDU("contextName", +- newSVpv(pdu->contextName, pdu->contextNameLen)); ++ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen)); + STOREPDU("contextEngineID", +- newSVpv((char *) pdu->contextEngineID, ++ newSVpv((char *)(pdu->contextEngineID ? pdu->contextEngineID : ""), + pdu->contextEngineIDLen)); + STOREPDU("securityEngineID", +- newSVpv((char *) pdu->securityEngineID, ++ newSVpv((char *)(pdu->securityEngineID ? pdu->securityEngineID : ""), + pdu->securityEngineIDLen)); + STOREPDU("securityName", +- newSVpv((char *) pdu->securityName, pdu->securityNameLen)); ++ newSVpv((char *)(pdu->securityName ? pdu->securityName : ""), pdu->securityNameLen)); + } else { + STOREPDU("community", +- newSVpv((char *) pdu->community, pdu->community_len)); ++ newSVpv((char *)(pdu->community ? pdu->community : ""), pdu->community_len)); + } + + if (transport && transport->f_fmtaddr) { +-- +1.8.3.4 + |