From: <no...@so...> - 2000-11-06 09:54:35
|
Bug #121756, was updated on 2000-Nov-06 01:54 Here is a current snapshot of the bug. Project: net-snmp Category: library Status: Open Resolution: None Bug Group: None Priority: 5 Summary: 4.2.pre1: bus error in MDsign (SNMPv3/authType MD5) Details: I have configured the UCD SNMP tools so that they use SNMPv3 with securityLevel authNoPriv and authType MD5 by default. Now I find that when I use the snmp... tools, they usually dump core with a bus error when computing the MD5 hash to sign request messages. I assume that the reason for this is as follows: The MD5 code used in UCD-SNMP uses 32-bit operations and requires that the plaintext buffer on which it operates be aligned to word boundaries. In former times, when BER-encoding proceeded from left to right, this was always the case. But now that the BER is written from the end, it is quite likely (P = 0.75) that the start of the BER-encoded message does *not* fall on a word boundary. Proposed solution: It would be nice if the MD5 code could be modified so that it doesn't have the word alignment requirement anymore. However since MD5 is so 32-bit oriented this might be difficult. So I think the easiest way around the problem would be to move the BER-encoded message backwards to the closest word boundary if (1.) the authType/privType encoding method requires that and (2.) the message doesn't already happen to be aligned correctly. (gdb) r eg1 cpmCPUTotal5min Starting program: /usr/local/bin/snmpbulkwalk eg1 cpmCPUTotal5min Program received signal SIGBUS, Bus error. MDreverse (X=0xffbee701) at md5.c:152 152 revx; revx; revx; revx; revx; revx; revx; revx; (gdb) where #0 MDreverse (X=0xffbee701) at md5.c:152 #1 0xff3559d8 in MDblock (MDp=0xffbebb90, X=0xffbee701) at md5.c:168 #2 0xff35668c in MDupdate (MDp=0xffbebb90, X=0xffbee701 "0}\002\001\0030\020\002\004\022¶:·\002\002\005À\004\001\005\002\001\003\00400.\004\f", count=512) at md5.c:294 #3 0xff356948 in MDsign ( data=0xffbee701 "0}\002\001\0030\020\002\004\022¶:·\002\002\005À\004\001\005\002\001\003\00400.\004\f", len=127, mac=0x14bdb0 "", maclen=12, secret=0xffbee701 "0}\002\001\0030\020\002\004\022¶:·\002\002\005À\004\001\005\002\001\003\00400.\004\f", secretlen=4290689936) at md5.c:404 #4 0xff3675b0 in sc_generate_keyed_hash (authtype=0x13f248, authtypelen=10, key=0x144100 "ôN\030·\177\0033a*Ð\031\a²}?5", keylen=16, message=0xffbee701 "0}\002\001\0030\020\002\004\022¶:·\002\002\005À\004\001\005\002\001\003\00400.\004\f", msglen=127, MAC=0x14bdb0 "", maclen=0xffbebecc) at scapi.c:271 #5 0xff362608 in usm_rgenerate_out_msg (msgProcModel=-4266240, globalData=0xffbec587 "\002\001\0030\020\002\004\022¶:·\002\002\005À\004\001\005\002\001\003", globalDataLen=21, maxMsgSize=-4274324, secModel=54, secEngineID=0x0, secEngineIDLen=12, secName=0x5e010 "leinen", secNameLen=6, secLevel=2, scopedPdu=0xffbee74a "04\004\f", scopedPduLen=54, secStateRef=0x0, wholeMsg=0xffbee77f "", wholeMsgLen=0xffbec76c) at snmpusm.c:1578 #6 0xff343130 in snmpv3_packet_rbuild (pdu=0x5e3c0, packet=0xffbee77f "", out_length=0xffbec76c, pdu_data=0xffbee749 "", pdu_data_len=4290692486) at snmp_api.c:2042 #7 0xff340c88 in snmpv3_build (session=0x5dee0, pdu=0x5e3c0, packet=0xffbee77f "", out_length=0xffbec76c) at snmp_api.c:1727 #8 0xff343c78 in _snmp_build (session=0x5dee0, pdu=0x5e3c0, packet=0xffbee77f "", out_length=0xffbec76c) at snmp_api.c:2163 #9 0xff3459dc in snmp_build (pss=0x5dee0, pdu=0x5e3c0, packet=0xffbee77f "", out_length=0xffbec76c) at snmp_api.c:2425 #10 0xff34c108 in _sess_async_send (sessp=0x5e3f4, pdu=0x5e3c0, callback=0, cb_data=0x0) at snmp_api.c:3740 #11 0xff34c3d8 in snmp_sess_async_send (sessp=0x14b640, pdu=0x5e3c0, callback=0x5e3f4, cb_data=0x10) at snmp_api.c:3836 #12 0xff34bedc in snmp_async_send (session=0x5dee0, pdu=0x5e3c0, callback=0, cb_data=0x0) at snmp_api.c:3643 #13 0xff34be98 in snmp_send (session=0x5dee0, pdu=0x5e3c0) at snmp_api.c:3626 #14 0xff32ebc4 in snmp_synch_response_cb (ss=0x5dee0, pdu=0x5e3c0, response=0xffbeeac0, pcb=0xff32e4f0 <snmp_synch_input>) at snmp_client.c:609 #15 0xff32ed38 in snmp_synch_response (ss=0x5dee0, pdu=0x5e3c0, response=0xffbeeac0) at snmp_client.c:662 #16 0x11088 in main (argc=385984, argv=0x1) at snmpbulkwalk.c:158 Regards, -- Simon. http://www.switch.ch/misc/leinen/ For detailed info, follow this link: http://sourceforge.net/bugs/?func=detailbug&bug_id=121756&group_id=12694 |