#754 SIGHUP processing causes crash parsing proxy config entries

proxy-override-etc
open
nobody
agent (1103)
5
2014-08-20
2003-06-09
Wes Bemont
No

snmpd crashes when handling SIGHUP if snmpd.conf file
contains 'proxy' config entries. Our snmpd.conf file
contains entries such as:

proxy -v 1 -c public hostname .1.3.6.1.2.1.2

As part of servicing a SIGHUP, the agent code does this:

netsnmp\_register\_old\_api\(\)
  <creates reginfo>
  netsnmp\_register\_handler\(...,reginfo\)
    netsnmp\_register\_mib\(...,reginfo\)
      <creates subtree>
      subtree->reginfo=reginfo;
      netsnmp\_subtree\_load\(...,subtree\) 
//returns MIB\_DUPLICATE\_REGISTRATION
      netsnmp\_subtree\_free\(subtree\) 
//because netsnmp\_subtree\_load\(\) didn't

return MIB_REGISTERED_OK
netsnmp_handler_registration_free(subtree-
>reginfo)
netsnmp_handler_registration_free()
//because netsnmp_register_handler() didn't
return MIB_REGISTERED_OK

Notice that the reginfo data structure created in
netsnmp_register_old_api() is free()d twice - once by
netsnmp_register_mib() calling netsnmp_subtree_free(),
which calls netsnmp_handler_registration_free(); and a
second time by netsnmp_register_old_api() calling
netsnmp_handler_registration_free() directly.

The second free() causes the crash.

The best fix might be to make the following change in
netsnmp_register_mib():

 subtree->reginfo = reginfo;

becomes

 subtree->reginfo =
      netsnmp\_handler\_registration\_dup\(reginfo\);

Thanks,
Wes

Discussion