Version: net-snmp-5.7.3+dfsg
uname -a: Linux MyDUT 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2015-12-19) x86_64 GNU/Linux
Fix snmpd crash that could happen when netsnmp session with an agent closes due to timeout.
Background:
A netsnmp_session could register netsnmp_subtrees with the AGENTX_MSG_REGISTER command.
These netsnmp_subtree objects get associated with the corresponding netsnmp_session.
When an agent explicitly/implicitly/timeout closes the netsnmp_session, all the associated netsnmp_subtree objects get freed.
But these netsnmp_subtree objects could be in use by requests from other netsnmp_sessions.
During close, it sweeps across all requests from all delegated netsnmp_agent_sessions, fails them, to get them undelegated & close, before proceeding to release all the associated subtrees.
Bug:
While walking all requests of a netsnmp_agent_session, it tries to use the next pointer of request.
The next pointer links only requests that share this cache/cache-id.
To scan all requests, we would need to walk across all caches (asp->treecache_num).
Or walk across all requests 0 .. asp->vbcount, as requests are maintained as an array of vbcount.
It is more robust to walk until vbcount, as that takes care of possible scenarios where a request is not yet added to cache.
Fix:
To scan all requests, don't use next pointer, but instead walk the range 0 .. vbcount.
Looks like addressed by https://sourceforge.net/p/net-snmp/patches/1237/
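
The bug and fix described above, reduced to a self-contained C model. This is an added example, not net-snmp source: the struct and function names are simplified stand-ins, and starting the buggy walk at the first request is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the objects named in the report (not net-snmp's definitions). */
struct subtree { int owner; };            /* id of the session that registered it */
struct request {
    struct subtree *subtree;              /* subtree this request is using */
    struct request *next;                 /* links only requests in the same cache */
    int failed;                           /* set when the sweep fails/undelegates it */
};
struct agent_session { struct request *requests; int vbcount; };

static int touch(struct request *r, int closing) {
    if (r->subtree && r->subtree->owner == closing) { r->failed = 1; return 1; }
    return 0;
}

/* Buggy sweep: follows next, so it only sees one cache's chain (assumed start: request 0). */
int sweep_by_next(struct agent_session *asp, int closing) {
    int n = 0;
    for (struct request *r = asp->requests; r != NULL; r = r->next) n += touch(r, closing);
    return n;
}

/* Fixed sweep: walk the request array 0 .. vbcount, independent of cache membership. */
int sweep_by_index(struct agent_session *asp, int closing) {
    int n = 0;
    for (int i = 0; i < asp->vbcount; i++) n += touch(&asp->requests[i], closing);
    return n;
}

/* Constructed scenario: requests 0 and 2 share a cache on a subtree owned by session 7;
 * request 1 sits in another cache on a subtree owned by session 9, which is closing.
 * Returns how many requests still point at a session-9 subtree without being failed,
 * i.e. how many would reference the subtree after it is freed. */
int count_dangling(int use_index) {
    struct subtree a = {7}, b = {9};
    struct request reqs[3] = { {&a, NULL, 0}, {&b, NULL, 0}, {&a, NULL, 0} };
    struct agent_session asp = { reqs, 3 };
    int dangling = 0;
    reqs[0].next = &reqs[2];              /* same-cache chain skips request 1 */
    if (use_index) sweep_by_index(&asp, 9); else sweep_by_next(&asp, 9);
    for (int i = 0; i < asp.vbcount; i++)
        if (reqs[i].subtree->owner == 9 && !reqs[i].failed) dangling++;
    return dangling;
}

int main(void) {
    printf("next walk: %d dangling, index walk: %d dangling\n", count_dangling(0), count_dangling(1));
    return 0;
}
```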