Menu
▾
▴
[Net-snmp-patches] [ net-snmp-Patches-3035335 ] prevent NULL pointer de-ref in snmp_sess_synch_response()
|
From: SourceForge.net <no...@so...> - 2010-07-30 12:38:37
|
Patches item #3035335, was opened at 2010-07-27 07:53 Message generated for change (Settings changed) made by hardaker You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=312694&aid=3035335&group_id=12694 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Closed Resolution: Duplicate Priority: 5 Private: No Submitted By: sws () Assigned to: Nobody/Anonymous (nobody) Summary: prevent NULL pointer de-ref in snmp_sess_synch_response() Initial Comment: This was done against net-snmp-5.5 All work done on my Ubuntu laptop: uname -srm: Linux 2.6.32-24-generic x86_64 While using the python API I trigged a core in snmp_client.c:snmp_sess_synch_response() Here are the steps I used to produce the problem: import netsnmp # HOST should not exit HOST='localho' OIDS = { 'sysUpTime': '.1.3.6.1.2.1.1.3' } snmpRoSess = netsnmp.Session(DestHost=HOST, Version=2, Community='private') vars = netsnmp.VarList(netsnmp.Varbind(OIDS['sysUpTime'], 0, '4', 'INTEGER')) rval = snmpRoSess.set(vars) This is caused by passing a NULL sessp into snmp_sess_synch_response() This could be tirggered by any of calls in the python snmp module since they all go through __send_sync_pdu() which will call snmp_sess_synch_response(). After the call to snmp_sess_session() in snmp_sess_synch_response(): ss = snmp_sess_session(sessp); ss is not checked for being NULL. If it is NULL there are some problems at: cbsav = ss->callback; The attached patch simply checks to make sure we get something back from snmp_sess_session() otherwise STAT_ERROR is returned. After applying this patch I am able to run the above steps without seeing the problem. Using GDB I also verfied that STAT_ERROR is return to __send_sync_pdu when calling snmp_sess_session() with a NULL session pointer. ---------------------------------------------------------------------- Comment By: sws () Date: 2010-07-27 07:58 Message: sorry some how I opened this twice... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=312694&aid=3035335&group_id=12694 |