5.7.2 will crash if a running process has arguments that are longer than BUFSIZ. An easy way to recreate this is to create a shell script with:
sleep 9999
in it and then call it with:
./test.sh a really long string here
Then, run snmpwalk against the host. snmpd will crash.
In agent/mibgroup/host/data_access/swrun_kinfo.c, we use strcat() and will overflow the buffer (buf) if argv is larger than BUFSIZ bytes.
The attached patch will truncate anything beyond BUFSIZ and prevent snmpd from crashing.
Thanks for the report.
This problem has already been fixed by the patch attached to bug 2286.
This bug still exists even with the patch from 2286. It is caused by us adding spaces (via strcat()) in the while() loop when iterating through argv:
The patch from #2286 only limits the number of characters returned, but does not factor in that we loop through the arguments and insert spaces between them when building the string that we place into 'buf'.
2286 also does not factor in that we consume the first two bytes with NULLs.
Last edit: Ryan Steinmetz 2014-02-25
I think this is a more complete patch than the one from #2286.
Reproducing this is simple: Apply the patch from #2286, then ensure that your arguments string also has a ton of spaces in it and exceeds BUFSIZ characters total.
Last edit: Ryan Steinmetz 2014-02-24
Patch applied to 5.5 branches and up. Thank you!
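The space accounting discussed in this thread, as an added example (not the attached patch and not net-snmp code): a bounded join that charges each separator and the terminating NUL against the buffer, and reports the untruncated length so the caller can detect truncation. The names join_args, sample_args and small_buf are hypothetical, and the sample vector is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Join a NULL-terminated argument vector into buf with single spaces.
 * Writes at most bufsz bytes and NUL-terminates whenever bufsz > 0.
 * Returns the length an unbounded join would have (excluding the NUL),
 * so a return value >= bufsz means the output was truncated.
 */
size_t join_args(char *buf, size_t bufsz, char *const args[])
{
    size_t used = 0;   /* bytes written so far, excluding the NUL */
    size_t needed = 0; /* bytes the full string would take */

    if (bufsz > 0)
        buf[0] = '\0';
    for (size_t i = 0; args != NULL && args[i] != NULL; i++) {
        size_t len = strlen(args[i]);
        if (i > 0) {               /* the separator uses budget too */
            needed++;
            if (used + 1 < bufsz)
                buf[used++] = ' ';
        }
        needed += len;
        if (used + 1 < bufsz) {    /* keep one byte for the NUL */
            size_t room = bufsz - 1 - used;
            size_t n = len < room ? len : room;
            memcpy(buf + used, args[i], n);
            used += n;
        }
        if (bufsz > 0)
            buf[used] = '\0';
    }
    return needed;
}

/* Constructed sample: the 8 argument bytes plus a NUL fit in 9 bytes,
 * but the 3 separators added while joining push the total to 11. */
static char *const sample_args[] = { "ab", "cd", "ef", "gh", NULL };
static char small_buf[9];

int main(void)
{
    size_t need = join_args(small_buf, sizeof small_buf, sample_args);
    printf("\"%s\" (needed %zu, have %zu)\n", small_buf, need, sizeof small_buf);
    return 0;
}
```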