#2251 ipAddressPrefix column contains uninitialized data for IPv4

64-bit
closed
agent (1105)
5
2014-08-15
2011-05-20
No

OS: linux
Version: all 5.4.x releases (including net-snmp-5.4.4.pre2) are affected, 5.5.x releases are _not_ affected

Problem:
- when retrieving IP-MIB::ipAddressTable the ipAddressPrefix column contains random characters for the IPv4 address:
IP-MIB::ipAddressPrefixOrigin.1.ipv4."48.204.103.8".0
- the values may vary for each subsequent retrieval of the table

How to reproduce:
tar xzf net-snmp-5.4.3.tar.gz
cd net-snmp-5.4.3
./configure --with-mib-modules="ucd-snmp/dlmod mibII" --with-mibs="SNMPv2-MIB:RFC1213-MIB:IF-MIB:IP-MIB:UDP-MIB:TCP-MIB"
make
echo "view systemonly included .1" >> EXAMPLE.conf
sudo agent/snmpd -f -c EXAMPLE.conf

access the table with:
snmptable -v2c -c public localhost IP-MIB::ipAddressTable

current result: see above
expected result: meaningful IP addresses

Notes:
- valgrind revealed the use of uninitialized data when sending out the response

- I have checked the 5.5.x source and found the following difference which indeed fixed the issue:

--- a/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c
+++ b/net-snmp/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c
@@ -232,7 +232,7 @@ _netsnmp_ioctl_ipaddress_container_load_v4(netsnmp_container *container,
netsnmp_assert(AF_INET == ifrp->ifr_addr.sa_family);
si = (struct sockaddr_in *) &ifrp->ifr_addr;
entry->ia_prefix_len =
- netsnmp_ipaddress_ipv4_prefix_len(si->sin_addr.s_addr);
+ netsnmp_ipaddress_ipv4_prefix_len(ntohl(si->sin_addr.s_addr));

     /\*
      \* get flags
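
Review bot: The ntohl() on the changed line in _netsnmp_ioctl_ipaddress_container_load_v4 fixes this one call site but leaves netsnmp_ipaddress_ipv4_prefix_len() with a contract that contradicts its own doc comment ("@param mask network byte order ..."), as the report itself points out. Either correct that comment to say host byte order in the same patch, or move the conversion inside the function, so that the next caller does not pass an unconverted s_addr again. The other callers of the function should be checked for the same argument mistake before this is merged.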

In 5.4.x, netsnmp_ipaddress_ipv4_prefix_len() would return 0 which seems to be an issue later on when the IP is converted into the OID.
If the sin_addr.s_addr is converted into host byte order, then netsnmp_ipaddress_ipv4_prefix_len() will correctly return the correct prefix length.
Please note that in all branches of net-snmp the comment of
int netsnmp_ipaddress_ipv4_prefix_len(in_addr_t mask)
is misleading:
" * @param mask network byte order make"
As it looks like this function needs its argument in host byte order. ;-)
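
Added example (not part of the original report, and not net-snmp's code): the byte-order dependence described above, using hypothetical helper names. A leading-ones count written for host byte order returns 0 for 255.255.255.0 when given the raw value a little-endian host reads from s_addr, and 24 after ntohl(); the checked variant rejects the unconverted value instead of silently returning 0.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not net-snmp's code: count the leading one bits of an
 * IPv4 netmask that the caller must supply in HOST byte order. */
int prefix_len_host(uint32_t mask)
{
    int len = 0;
    while (mask & 0x80000000u) {
        len++;
        mask <<= 1;
    }
    return len;
}

/* Same count, but reject masks with one bits after the first zero bit. */
int prefix_len_checked(uint32_t mask)
{
    int len = prefix_len_host(mask);
    uint32_t rest = len < 32 ? mask << len : 0; /* a shift by 32 is undefined */
    return rest == 0 ? len : -1;
}

/* Byte swap: models the raw s_addr value a little-endian host reads. */
uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Parse a dotted-quad mask and convert with ntohl() before counting. */
int prefix_len_from_text(const char *dotted)
{
    struct in_addr a;
    if (inet_pton(AF_INET, dotted, &a) != 1)
        return -1;
    return prefix_len_checked(ntohl(a.s_addr));
}

int main(void)
{
    uint32_t host = 0xffffff00u;    /* constructed sample: 255.255.255.0 */
    uint32_t raw = swap32(host);    /* 0x00ffffff, as read without ntohl() */
    printf("with ntohl: %d\n", prefix_len_host(host));
    printf("without:    %d (checked: %d)\n", prefix_len_host(raw), prefix_len_checked(raw));
    printf("from text:  %d\n", prefix_len_from_text("255.255.240.0"));
    return 0;
}
```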

Discussion

  • Sander Steffann - 2014-04-16

    I just ran into this problem when using the latest update from Observium. Heeding the Valgrind warning about 'use of uninitialised data' might not be a bad idea considering the Heartbleed mess, although this is probably nowhere near as severe. As this is a simple bug fix, please fix this. Long Term Support releases like Ubuntu 12.04 LTS still use net-snmp 5.4, so this version is still relevant.

     
  • Niels Baggesen - 2014-04-22

    This has been fixed in the current versions in the repository, where the prefix_len function has been rewritten to work as documented.

     
  • Niels Baggesen - 2014-04-22
    • status: open --> closed
    • assigned_to: Niels Baggesen
    • Group: --> 64-bit
     
  • Sander Steffann - 2014-04-22

    Hi Niels. I see your commits on the V5-4-patches branch (https://sourceforge.net/p/net-snmp/code/ci/ec96b35d5060c09b9f53d4dec73fb7965c2ac145/). Thanks!

    The last release of 5.4 is 5.4.4 from June 2011 though. When are the fixes since then expected to be released as 5.4.5? Or are package builders expected to take the latest tree from git and not bother about the version number? (not judging, just trying to figure out what I should do!)

     
