Running latest V5-8-patches and seeing this AddressSanitizer error when using pass_persist scripts:
Connection from UDP: [172.27.18.21]:56501->[172.27.18.23]:161
=================================================================
==14249==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f0b0cdc97ff at pc 0x7f0b0c93b2e4 bp 0x7ffe82036570 sp 0x7ffe82036568
READ of size 1 at 0x7f0b0cdc97ff thread T0
#0 0x7f0b0c93b2e3 in netsnmp_internal_pass_parse (/usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.35+0x1aa2e3)
#1 0x7f0b0c8a7618 in var_extensible_pass_persist (/usr/lib/x86_64-linux-gnu/libnetsnmpmibs.so.35+0x116618)
#2 0x7f0b0ceb94db in netsnmp_old_api_helper (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x454db)
#3 0x7f0b0cee342d in netsnmp_call_handler (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x6f42d)
#4 0x7f0b0cee3ae0 in netsnmp_call_handlers (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x6fae0)
#5 0x7f0b0cf0fa79 in handle_var_requests (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x9ba79)
#6 0x7f0b0cf133ed in handle_pdu (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x9f3ed)
#7 0x7f0b0cf12afd in netsnmp_handle_request (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x9eafd)
#8 0x7f0b0cf0a619 in handle_snmp_packet (/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.35+0x96619)
#9 0x7f0b0c3892e0 (/usr/lib/x86_64-linux-gnu/libnetsnmp.so.35+0xc22e0)
#10 0x7f0b0c3894ee (/usr/lib/x86_64-linux-gnu/libnetsnmp.so.35+0xc24ee)
#11 0x7f0b0c38aff9 in _sess_read (/usr/lib/x86_64-linux-gnu/libnetsnmp.so.35+0xc3ff9)
#12 0x7f0b0c38cec6 in snmp_sess_read2 (/usr/lib/x86_64-linux-gnu/libnetsnmp.so.35+0xc5ec6)
#13 0x7f0b0c389910 in snmp_read2 (/usr/lib/x86_64-linux-gnu/libnetsnmp.so.35+0xc2910)
#14 0x406d33 (/usr/sbin/snmpd+0x406d33)
#15 0x405d8d in main (/usr/sbin/snmpd+0x405d8d)
#16 0x7f0b0bc3cb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#17 0x4030c8 (/usr/sbin/snmpd+0x4030c8)
0x7f0b0cdc97ff is located 59 bytes to the right of global variable 'pipe_check_alarm_id' from 'ucd-snmp/pass_persist.c' (0x7f0b0cdc97c0) of size 4
0x7f0b0cdc97ff is located 1 bytes to the left of global variable 'buf2' from 'ucd-snmp/pass_persist.c' (0x7f0b0cdc9800) of size 4096
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 netsnmp_internal_pass_parse
Shadow bytes around the buggy address:
0x0fe1e19b12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b12b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b12c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b12d0: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
0x0fe1e19b12e0: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
=>0x0fe1e19b12f0: 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9[f9]
0x0fe1e19b1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b1310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b1320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b1330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fe1e19b1340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==14249==ABORTING

It would help if you could tell us which source code line triggered the
AddressSanitizer output. Please have a look at
https://clang.llvm.org/docs/AddressSanitizer.html#symbolizing-the-reports.

You can close this bug. I've fixed my pass persist script that was causing this.
I was returning a string rather than an octet string.
Thanks,
Sam