net-snmp / Bugs / #2930 snmpd on Solaris 11 crashes while querying for hrSWInstalled and one of the installed packages is missing CATEGORY field

snmpd on Solaris 11 crashes while querying for hrSWInstalled and one of the...

#2930 snmpd on Solaris 11 crashes while querying for hrSWInstalled and one of the installed packages is missing CATEGORY field

Milestone: solaris

Status: closed

Owner: Bart Van Assche

Labels: Solaris (6) snmpd (5)

Priority: 5

Updated: 2019-04-08

Created: 2019-04-04

Creator: Narendra Kumar S S

Private: No

Solaris Version 11.4.5.3.0
net-snmp snmpd version 5.73

When 'snmpwalk -v1 -c public localhost hrSWInstalled' command is executed, snmpd daemon crashes with the attached stack trace.

The problem happens when CATEGORY field is missing or having empty value in pkginfo file of one of the installed packages.

The problem is happening due to the following reason:
Following line returns NULL pointer (swinst_pkginfo.c line# 185):
c = pkgparam( dp->d_name, "CATEGORY" );

Since c is NULL, the following line dumps core (swinst_pkginfo.c line# 191):
entry->swType = (NULL != strstr( c, "system"))

The solution is to check if c is not NULL and execute the strstr part.

The same problem was reported earlier and is fixed in Linux.
The bug id is: 2780

1 Attachments

stack_trace.txt

Discussion

Please verify whether the patch below fixes this crash:

Subject: [PATCH] CHANGES: BUG: 2780: 2930: Avoid that querying hrSWInstalled triggers a crash

See also https://sourceforge.net/p/net-snmp/bugs/2780/ and
https://sourceforge.net/p/net-snmp/bugs/2930/.
---
 agent/mibgroup/host/data_access/swinst_pkginfo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent/mibgroup/host/data_access/swinst_pkginfo.c b/agent/mibgroup/host/data_access/swinst_pkginfo.c
index b10fee0665c5..845919c1899a 100644
--- a/agent/mibgroup/host/data_access/swinst_pkginfo.c
+++ b/agent/mibgroup/host/data_access/swinst_pkginfo.c
@@ -189,7 +189,7 @@ netsnmp_swinst_arch_load( netsnmp_container *container, u_int flags)
                      "%s-%s", dp->d_name, v );
        if (entry->swName_len >= sizeof(entry->swName))
        entry->swName_len = sizeof(entry->swName)-1;

-       entry->swType = (NULL != strstr( c, "system"))
+       entry->swType = c && strstr( c, "system")
                ? 2      /* operatingSystem */
                : 4;     /*  application    */

Narendra Kumar S S - 2019-04-05

I have uploaded a patch which I have tested on Solaris.
The link to the patch is: https://sourceforge.net/p/net-snmp/patches/1390/
The same I am attaching here also for easy reference.

netsnmp-swinst_pkginfo-crash.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bart Van Assche - 2019-04-08

status: open --> closed

assigned_to: Bart Van Assche
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bart Van Assche - 2019-04-08

Patch 1390 has been committed on the v5.8 and master branches. Thanks for the patch!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

snmpd on Solaris 11 crashes while querying for hrSWInstalled and one of the...

Group

Searches

Help

#2930 snmpd on Solaris 11 crashes while querying for hrSWInstalled and one of the installed packages is missing CATEGORY field

Discussion