
#2721 Buffer overrun in getif() in agent/mibgroup/kernel_sunos5.c

backport-needed
closed
solaris (1)
3
2016-10-24
2016-06-23
Ivosh
No

This patch fixes a Solaris-specific issue with buffer overrun of
if_nameindex->if_name. Memory for this buffer is allocated by
if_nameindex() and therefore correct string routines must be used
to access it.

Patch was created against net-snmp 5.7.2.1.
Core dump stack:
001fffa3de8e2e0c getif (32, 2d50, 3f879400, ffffff15fbf0fb68, 5000005480455db0, 1fffa3de8e4ea0) + 24c
001fffa3de8e0434 getMibstat (1, 0, e8, 0, 1fffa3de8e4ea0, 0) + 5f4
001fffa3de8f9e5c netsnmp_arch_interface_container_load (8000005480455c40, 0, 1fffa3de8314e0, 0, 2b8, 1dc800) + bc
001fffa3de8d11c4 netsnmp_access_interface_init (8000005480455c40, 1, 1fffa3de843150, 1fffa3dea1b56c, 1fffa3dea0e000, 1fffa3de702288) + 144
001fffa3de90cb2c init_mib_modules (0, ffffffffffe40ef0, 1bf000, 1fffa3dea0e000, 1fffa3dec1b2e8, 1fffa3de84eef0) + 1c
0000000100004de4 main (1001090d0, ffffff15fbf102b8, a00000548044d428, ffffff15fbf1051f, 100003660, 100108000) + e84
0000000100003a48 _start (0, 0, 0, 0, 0, 100108000) + 108

With the patch in place, no buffer overrun is experienced.
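
The hazard described in this report, as an added example that is not part of the ticket and is not the net-snmp patch (the patch itself is not shown on this page). It assumes the overrun comes from a fixed-length copy out of `if_name`, whose allocation is only guaranteed to hold the string and its terminator; `copy_ifname` and `list_interfaces` are hypothetical names.

```c
#include <net/if.h>
#include <stdio.h>
#include <string.h>

/* Copy an interface name whose allocation size is unknown (only its NUL
 * terminator bounds it) into a fixed-size buffer. Reads stop at the
 * terminator, writes stop at dstsize. Returns the name length, or -1 if the
 * name did not fit (dst is then an empty string, never a truncated name). */
int copy_ifname(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);              /* bounded by the source's own NUL */
    if (len >= dstsize)
        return -1;                  /* refuse: a cut name could match another interface */
    memcpy(dst, src, len + 1);      /* exactly the string plus its terminator */
    return (int)len;
}

/* Hypothetical caller: walk the list from if_nameindex() and copy each name.
 * Returns the number of names copied, or -1 if the list is unavailable. */
int list_interfaces(void)
{
    struct if_nameindex *list = if_nameindex(), *p;
    char name[IF_NAMESIZE];
    int copied = 0;
    if (list == NULL)
        return -1;
    /* The array ends with an entry whose if_index is 0 and if_name is NULL. */
    for (p = list; p->if_index != 0 && p->if_name != NULL; p++) {
        /* Over-reading form: memcpy(name, p->if_name, sizeof(name));
         * it reads sizeof(name) bytes even when the string is shorter. */
        if (copy_ifname(name, sizeof(name), p->if_name) >= 0) {
            printf("%u %s\n", p->if_index, name);
            copied++;
        }
    }
    if_freenameindex(list);         /* the list is owned by the library */
    return copied;
}

int main(void)
{
    return list_interfaces() < 0;
}
```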

Discussion

  • Ivosh

    Ivosh - 2016-06-23

    Proposed patch. Sweet and nice.

     
  • Niels Baggesen

    Niels Baggesen - 2016-08-31
    • status: open --> accepted
    • assigned_to: Niels Baggesen
     
  • Niels Baggesen

    Niels Baggesen - 2016-08-31

    Thanks for the patch! It has been applied to all active branches.

     
  • Niels Baggesen

    Niels Baggesen - 2016-10-24
    • status: accepted --> closed
     
