#2527 netSNMP-5.7.2 segfault when sending V3 INFORM notification

64-bit
closed
Bill Fenner
None
5
2014-04-27
2014-03-07
EEF
No

Hi!

I am trying to use netSNMP-5.7.2 in Ubuntu-10.04 and Ubuntu-13.10 and I am seeing an issue where snmpd is crashing when I configure it to send V3 INFORM notification with an invalid username or digest.

I am adding the following 'trapsess' to the default snmpd.conf. This works fine if I will set the users credential properly. But if the snmp manager rejects the trap due to wrong user or wrong digest then I am getting a segmentation fault.

trapsess -Ci -v 3 -l authPriv -a SHA -A opennms1_SHA -x AES -X opennms1_AES -u opennms1 192.168.1.34

Here's the stack trace from the coredump.

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/snmpd -Lsd -Lf /dev/null -mALL -u root -g root -I -smux mteTrigger mt'.
Program terminated with signal 11, Segmentation fault.

0 0x00007f97dbca17c5 in ?? () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

(gdb) bt

0 0x00007f97dbca17c5 in ?? () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

1 0x00007f97dbca1abe in _sess_read () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

2 0x00007f97dbca2909 in snmp_sess_read2 () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

3 0x00007f97dbca295b in snmp_read2 () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

4 0x0000000000404820 in main ()

Thanks!

Eric

Related

Bugs: #2527

Discussion

  • Bill Fenner
    Bill Fenner
    2014-03-10

    Can you please try the patch in http://sourceforge.net/p/net-snmp/bugs/_discuss/thread/8fca38c2/5911/attachment/bug2507.patch ?

    Alternately, try net-snmp 5.7.3pre3?

     
    • EEF
      EEF
      2014-03-11

      Hi Bill,

      Thank you very much and I appreciate your help. Yeah, this patch will fix
      the issue. This is a temporary fix that I did last week so the I can
      continue the testing. I tried to debug and modified the code and found out
      the it is trying to dereference the 'magic' pointer which is
      un-initialize. However, I wasn't able to finish reading the code and not
      sure at that time if there will be any negative effects. I am more
      confident now that I received this patch.

      The other solution I did was modifying the 'snmp_api.h' and set
      'SNMPV3_IGNORE_UNAUTH_REPORTS' to '1'. This also fix the issue but I your
      patch better.

      Regards,

      Eric

      On Mon, Mar 10, 2014 at 2:31 PM, Bill Fenner fenner@users.sf.net wrote:

      Can you please try the patch in
      http://sourceforge.net/p/net-snmp/bugs/_discuss/thread/8fca38c2/5911/attachment/bug2507.patch?

      Alternately, try net-snmp 5.7.3pre3?

      • [bugs:#2527] netSNMP-5.7.2 segfault when sending V3 INFORM notification*

      Status: open
      Group: 64-bit
      Created: Fri Mar 07, 2014 09:13 PM UTC by EEF
      Last Updated: Fri Mar 07, 2014 09:13 PM UTC
      Owner: nobody

      Hi!

      I am trying to use netSNMP-5.7.2 in Ubuntu-10.04 and Ubuntu-13.10 and I am
      seeing an issue where snmpd is crashing when I configure it to send V3
      INFORM notification with an invalid username or digest.

      I am adding the following 'trapsess' to the default snmpd.conf. This works
      fine if I will set the users credential properly. But if the snmp manager
      rejects the trap due to wrong user or wrong digest then I am getting a
      segmentation fault.

      trapsess -Ci -v 3 -l authPriv -a SHA -A opennms1_SHA -x AES -X
      opennms1_AES -u opennms1 192.168.1.34

      Here's the stack trace from the coredump.

      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
      Core was generated by `/usr/sbin/snmpd -Lsd -Lf /dev/null -mALL -u root -g
      root -I -smux mteTrigger mt'.
      Program terminated with signal 11, Segmentation fault.
      0 0x00007f97dbca17c5 in ?? () from
      /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30

      (gdb) bt
      0 0x00007f97dbca17c5 in ?? () from
      /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30 1 0x00007f97dbca1abe in
      _sess_read () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30 2
      0x00007f97dbca2909 in snmp_sess_read2 () from
      /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30 3 0x00007f97dbca295b in
      snmp_read2 () from /usr/lib/x86_64-linux-gnu/libnetsnmp.so.30 4
      0x0000000000404820 in main ()

      Thanks!

      Eric

      Sent from sourceforge.net because you indicated interest in
      https://sourceforge.net/p/net-snmp/bugs/2527/

      To unsubscribe from further messages, please visit
      https://sourceforge.net/auth/subscriptions/

       

      Related

      Bugs: #2527

  • Niels Baggesen
    Niels Baggesen
    2014-04-27

    • status: open --> closed
    • assigned_to: Bill Fenner