This is a bug in the Debian/Ubuntu snmp-mibs-downloader. It should not be installing SNMPv2-PDU in a location that net-snmp is looking for MIB modules. SNMPv2-PDU is not a MIB module.
The option "-s" for trap2sink was added in https://github.com/net-snmp/net-snmp/commit/df26f8f2d51409827a3ce131c1b9de67d01ee6e5 - you can see "else if (strcmp(sp, "-s") == 0)" was added in that commit. This commit was included in net-snmp 5.8. What happens when you try to use "-s"? (It was never added to the documentation, either the man page or the usage message, but it exists)
snmppcap: add the ability to process packets like the agent
CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
CHANGES: snmpd: recover SET status from delegated request
Merge branch 'V5-9-patches'
This sounds like what I fixed in 06a02b7c708c1ea2bf67e59c333001e8ce128dff ?
snmpd.conf: document the "-s" argument to trap*
Merge branch 'V5-8-patches'
Merge branch 'V5-8-patches'
ci: skip mibs that do not support read-only
ci: fix env configuration
ci: display configure command in Travis log
SNMP-TARGET-MIB: express features used (broken by 58ae9e6b11)
minimalist: adapt to semicolon-terminated feature macros
libsnmp: free filenames from directory listing
Merge branch 'V5-8-patches'
Avoid off-by-one error when logging "" to a file
Merge branch 'V5-8-patches'
Our analysis ended up being that this was an API flaw and the code added in 5.8 could never have worked - when rebuilding the pdu forward, we need the info that was freed while trying to build the pdu backward. I think the right fix is to move the functionality into a new function whose API is to not free on failure, and use that when building if you think you might try to rebuild the pdu forward. Bill On Fri, Feb 15, 2019 at 3:46 PM Sam Tannous stannous-cn@users.sourceforge.net wrote: Just noticed...
Hi Sam! Does requesting a small messageMaxSize cause this more often, like, snmpbulkget --sendMessageMaxSize=%d -Cn%d -Cr%d ... We had some problems in this area and I forget if this was the cause. I don't remember the details of when the crash happened for us, the regression test uses for i in [ None, 65530, 32768, 32767, 9000, 1600, 1472 ] + range( 1400, 40, -40): and I have a vague memory of it starting at 1472. Bill
Starting in net-snmp 5.8, you can configure as follows:
trap2sink -s 10.36.106.11 10.120.21.214 public
trap2sink -s 2620:10a:6000:2500::6a0b 2620:10a:6000:7814::4ee public
You can specify a source address on a trap2sink or trapsess configuration line with "-s".
agentxTimeout and agentXRestries default values not set
As you mention in an email followup, -1 actually means "use the session values", it would probably be more clear if the -1's were changed to SNMP_DEFAULT_TIMEOUT and SNMP_DEFAULT_RETRIES. I'll keep this open to track making this improvement.
Frank, request->requestvb->val.string is not a C string - it is not necessarily nul-terminated so you can not use string((char*)request->requestvb->val.string) . You should use the sequence constructor, string((char*)request->requestvb->val.string, request->requestvb->val_len).
I'd recommend a small C program run during autoconf that #includes <openssl/opensslv.h> and checks if ( OPENSSL_VERSION_NUMBER < 0x10100000 ) and sets a config.h variable. Bill On Mon, Nov 19, 2018 at 11:28 AM bart bvassche@users.sourceforge.net wrote: Please parse the version string properly instead of using grep. How about using IFS and set as in the following example? (IFS=.; set 3.4.5; echo $1 $2 $3) [patches:#1382] https://sourceforge.net/p/net-snmp/patches/1382/ Skip tlstcp ipv6...
Hi Anders, did you mean to attach an updated patch file, or were you saying that the original patch ("0001-adding-a-delay-in-STlsVars.patch") is the best one?
Specify the default port of ":0" when parsing source addresses.
Parse a bare IPv6 address, which netsnmp_parse_ep_str() won't.
Go back to testing ::1, without brackets, for IPv6.
Fix UDP/IPv6 address parsing. Add default tracing.
Fix typo: test IPv6, not IPv4.
Fix clientaddr for v6 traps by zeroing the port number
Merge branch 'V5-7-patches' into V5-8-patches
Tests for setting the source address of trap messages
Bind to the address that we chose above, not just to the session address
Merge branch 'V5-7-patches' into V5-8-patches
Fix typo: test v6
Add trap source tests for "trapsess -s"
Add some default tracing for trap source tests
Avoid logging "unknown snmp version" for agentx
routex.c now uses the sockaddr_size feature
The SNMP data module is defined by MIB modules. 1.3.6.1.2.1.2.2.1.1 is also known as IF-MIB::ifIndex. IF-MIB is available at http://www.net-snmp.org/docs/mibs/interfaces.html and you can see that the legal values defined for ifIndex there are 1 .. 2147483647. You may find that ifDescr, ifName or ifAlias (see also http://www.net-snmp.org/docs/mibs/ifMIBObjects.html ) are the descriptions that you'd like to see.
snmpwalk output for OID sysUpTime does not match with "uptime" output.
This is correct behavior. If you want system uptime, use HOST-RESOURCES-MIB::hrSystemUptime.
does that mean that the IPv6 scope ID has another meaning than binding to an interface? When the zone ID is for a link-local zone, it means binding to an interface. Otherwise, it becomes more abstract. See, for example, the picture on page 10 of https://tools.ietf.org/html/rfc4007 . The scope "admin1" encompasses 3 or 4 interfaces, so saying that the zone ID necessarily is an interface makes it hard or impossible to specify "admin1". Now, I will admit that site-local has been removed from the IPv6...
Arista faced a similar need with Linux network namespaces. We chose to implement ours as a new transport: e.g., udpns:<namespace name>:address . (I haven't upstreamed this code because we didn't do a good job of modularizing it. I do plan to refactor it at some point so that this is possible.) I do not think you can safely use "%" as the delimiter if you plan to support IPv6, since that character is already used in IPv6 to separate the zone ID (which is sometimes an interface name,...
Hi Sam, Can you try this patch: --- a/snmplib/transports/snmpUDPIPv4BaseDomain.c +++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c @@ -312,7 +312,7 @@ netsnmp_udpipv4base_tspec_transport(netsnmp_tdomain_spec *tspec) if (NULL != tspec->source) { struct sockaddr_in src_addr, *srcp = &src_addr; /** get sockaddr from source */ - if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, NULL)) + if (!netsnmp_sockaddr_in2(&src_addr, tspec->source, ":0")) return NULL; return netsnmp_udpipv4base_transport_with_source(&addr,...
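Review bot: the ":0" default now passed to netsnmp_sockaddr_in2() for tspec->source is an unexplained literal, and the failure path right after it still returns NULL without saying which source string was rejected. A one-line comment above the call stating that a source given without a port defaults to port 0, plus a debug message before "return NULL;" that includes tspec->source, would make a misconfigured "-s" or clientaddr value much easier to diagnose.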
Remove code that accidentally crept in during conflict resolution.
Merge branch 'V5-8-patches'
Fix a typo in feature ifdef for netsnmp_strdup
Add V5-8-patches to list of active branches
Merge branch 'V5-7-patches' into V5-8-patches
Merge branch 'V5-8-patches'
snmpset counter32
Counters can not be written. https://tools.ietf.org/html/rfc2578#section-7.1.6 says: The value of the MAX-ACCESS clause for objects with a SYNTAX clause value of Counter32 is either "read-only" or "accessible-for-notify". You can not write an object that is "read-only" or "accessible-for-notify".
Who has authority to reject a CVE? As far as I know, anyone can get a CVE number and claim anything using it.
Have you tried using the "udp6:" prefix?
I am also interested in finding a way to exploit this bug to cause DOS on the snmpd server. The original reporter was unable to; as far as I can tell the report in this bug hasn't done anything other than describe the fact that the return value is incorrect and not explored the ramifications. You're right that the varbind parsing should be the same for v1/v2c/v3. I'm sorry for my fuzzy thinking earlier - of course given that the only demonstrated vulnerability is of snmpget parsing a bad return value,...
I wrote the "snmppcap" code that you find in apps/ for the purpose of evaluating user-submitted packet captures, and unless I am remembering wrong, at least one of the pcaps attached to that report caused a crash due to a NULL pointer - but this is the client behavior, e.g., "snmpget" against a malicious server could crash. Re-reading my notes, we asked the original reporter a few times how to get the server to crash and he was at best cagy, and said that he could not make it crash. Based on the...
The original bug report for this issue https://sourceforge.net/p/net-snmp/bugs/2615/ has a couple of .pcap files attached; those might help you determine the sequence of bytes that he used to show the issue.
Don't try to build snmpping when set support is disabled.
snmplib: fix clientaddr
Isn't it always the way, you have an idea right after giving up? I'm running this patch through my test suites now. --- a/snmplib/transports/snmpUDPIPv4BaseDomain.c +++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c @@ -367,7 +370,7 @@ netsnmp_udpipv4base_transport(const struct sockaddr_in *addr, int local) rc = netsnmp_sockaddr_in2(&client_addr, client_socket, NULL); if (client_address != client_socket) free(client_address); - if(!rc) { + if(rc) { if (!uses_port || !have_port) /* if port isn't from...
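Review bot: with the test changed to "if(rc)", nothing in the visible lines reports the case where netsnmp_sockaddr_in2() returns 0 for client_socket, so an unparseable client address would be skipped silently. Consider logging the rejected string in that case (before client_address is freed, if it is the same buffer), and a regression test that sets clientaddr and checks the source address actually used would keep the inverted condition from coming back.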
5.8 regression: clientaddr no longer affects source address of traps
If you're able to compile a patched net-snmp, can you try applying the patches from https://github.com/fenner/net-snmp/commit/76a9bd3f18b23e97e7a51b89b1e20888155036da and https://github.com/fenner/net-snmp/commit/422c0c66285d1f9449260b0bc9a728b2d3dfc419 These fix a problem that I had with view application. Maybe they will help you too. The first one at least adds some debugging that might help understand what's happening, run snmpd with -f -Le -Dsnmp_agent
SNMP.pm RetryNoSuch doesn't work as documented
Reformat per "improved" SourceForge formatting
Fix minimal agent with tls: move X509_get_signature_nid outside NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES
Merge branch 'V5-7-patches'
Anders, would you mind having a look at the existing testing and how to extend it to keep this from regressing?
cd testing
./RUNFULLTESTS -g tls
Is it as simple as further parameterizing the STlsUsers script to force the certificate type and adding more T***User scripts to set those parameters?
Thanks for looking into this, Anders. Naively, without being familiar with the details but just looking at the change, I'm assuming that the +1 in fingerprint[60+1] is to accommodate a trailing NUL, so does it have to be fingerprint[EVP_MAX_MD_SIZE*3+1] and fp[EVP_MAX_MD_SIZE*3+1]?
Logical error in agent/helpers/table.c when --enable-read-only is used during configuring
I've committed a patch to the V5-7-patches and master git branches. Could you please test?
compile error with net-snmp-5.8.pre2/agent/snmp_agent.c
I've committed a patch to the V5-7-patches and master git branches. Could you please test?
Second compile error with net-snmp-5.8.pre2/agent/snmp_agent.c
I've committed a patch to the V5-7-patches and master git branches. Could you please test?
make python client build with --enable-read-only
CHANGES: snmpd: BUG: 2845: fix compilation error with NETSNMP_NO_WRITE_SUPPORT
CHANGES: snmpd: BUG: 2810: from "Minzhuan Gong": fix compile with --enable-read-only
CHANGES: snmpd: BUG: 2846: fix agent compile when both --enable-read-only and --disable-set-support are given.
Merge branch 'V5-7-patches'
Does this only happen when you configure with both --enable-read-only and --disable-set-support? I think the right fix for this case is to change the code in handle_snmp_packet() to be more like
#if defined(NETSNMP_DISABLE_SET_SUPPORT) && !defined(NETSNMP_NO_WRITE_SUPPORT)
if (pdu->command == SNMP_MSG_SET) { ... }
#endif
since it's clear that the NETSNMP_NO_WRITE_SUPPORT case pretends that SNMP_MSG_SET is an invalid command, not a known one that we want to reply to with not-writable.
Compilation error with net-snmp-5.8.pre2/agent/helpers/table.c
Thanks for the bug report. This was previously reported against 5.7.3 in https://sourceforge.net/p/net-snmp/bugs/2810/ .
snmplib: asn1: audit length checks
Don't check the sign of a 0-length int64
Merge branch 'V5-7-patches'
NET-SNMP Heap Corruption
This is a duplicate of #2615, which was CVE-2015-5621.
From Code point of view, how net-snmp fetches interface ip addresses ?
Duplicate of #2843
net-snmp snmp_pdu_parse() function incompletely initialization vulnerability
The man page for snmpwalk says: If no OID argument is present, snmpwalk will search the subtree rooted at SNMPv2-SMI::mib-2 (including any MIB object values from other MIB modules, that are defined as lying within this subtree). This is the behavior that you're seeing: NET-SNMP-EXTEND-MIB::nsExtendObjects is not under the subtree rooted at SNMPv2-SMI::mib-2. When I use snmpwalk and want to see the entire tree, I tend to use "snmpwalk ... .1". (Yes, this only includes the iso tree and not the ccitt...
snmplib: asn1: audit length checks