Re: Patch for CVE-2015-5621 in 5.7.1 code base

2015-09-03 Thread Sampathkumar Santhanakrishnan
Thanks Alex & Niels! I could generate the patch and use it.

How do we test this fix? Does net-snmp have some security test suites
to be used?

Sampath


On Tue, Sep 1, 2015 at 1:06 AM, Alexander Bergmann wrote:
> Hi Sampath,
>
> you need to have 'V5-7-patches' as a local branch. Otherwise you're
> getting an error message.
>
> Just do a 'git checkout V5-7-patches' once and it should work.
>
> Regards,
> Alex~
>
> On Mon, Aug 31, 2015 at 11:22:35AM -0700, Sampathkumar Santhanakrishnan wrote:
>> Hi Alex,
>>  Thanks for sharing this info. I tried to get the diff and it
>> complains about "V5-7-patches".
>>
>> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
>> fatal: ambiguous argument 'V5-7-patches': unknown revision or path not
>> in the working tree.
>> Use '--' to separate paths from revisions
>>
>> git branch
>> * master
>>
>> Thanks & Regards,
>> Sampath
>>
>> On Fri, Aug 28, 2015 at 5:41 AM, Alexander Bergmann  
>> wrote:
>> > Hi Sampathkumar,
>> >
>> > you can use git to get you a patch diff for this fix.
>> >
>> > Just clone the repo and run the following command.
>> >
>> > #> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
>> >
>> > Then edit the file and delete everything except for changes inside the
>> > snmp_pdu_parse() function. Double check with the original fix and you
>> > are done.
>> >
>> > Hope that helps,
>> > Alex~
>> >
>> > On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan 
>> > wrote:
>> >> Hello,
>> >>  I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621
>> >>
>> >> "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and
>> >> earlier does not remove the varBind variable in a
>> >> netsnmp_variable_list item when parsing of the SNMP PDU fails, which
>> >> allows remote attackers to cause a denial of service (crash) and
>> >> possibly execute arbitrary code via a crafted packet."
>> >>
>> >> Can someone help on this ?
>> >>
>> >> Thanks & Regards,
>> >> Sampath
>> >>
>> >> --
>> >> ___
>> >> Net-snmp-coders mailing list
>> >> Net-snmp-coders@lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>> >>
>> >
>> > --
>> > Alexander Bergmann , Security Engineer,
>> > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
>> > Graham Norton, HRB 21284 (AG Nürnberg)
>>
>
> --
> Alexander Bergmann , Security Engineer,
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
> Graham Norton, HRB 21284 (AG Nürnberg)

--
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders


Re: Patch for CVE-2015-5621 in 5.7.1 code base

2015-09-01 Thread Niels Baggesen
On Mon, Aug 31, 2015 at 11:22:35AM -0700, Sampathkumar Santhanakrishnan wrote:
> Hi Alex,
>  Thanks for sharing this info. I tried to get the diff and it
> complains about "V5-7-patches".

This works:

git diff 345b9633ea4df23b863cba5defe5187d81fc505d^ 345b9633ea4df23b863cba5defe5187d81fc505d >patch

Here is the patch

/Niels

-- 
Niels Baggesen - @home - Århus - Denmark - n...@users.sourceforge.net
The purpose of computing is insight, not numbers   ---   R W Hamming
diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c
index d0a4021..7f746bb 100644
--- a/snmplib/snmp_api.c
+++ b/snmplib/snmp_api.c
@@ -4352,10 +4352,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * 
length)
 u_char  type;
 u_char  msg_type;
 u_char *var_val;
-int badtype = 0;
 size_t  len;
 size_t  four;
-netsnmp_variable_list *vp = NULL;
+netsnmp_variable_list *vp = NULL, *vplast = NULL;
 oid objid[MAX_OID_LEN];
 u_char *p;
 
@@ -4495,38 +4494,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t 
* length)
   (ASN_SEQUENCE | ASN_CONSTRUCTOR),
   "varbinds");
 if (data == NULL)
-return -1;
+goto fail;
 
 /*
  * get each varBind sequence 
  */
 while ((int) *length > 0) {
-netsnmp_variable_list *vptemp;
-vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp));
-if (NULL == vptemp) {
-return -1;
-}
-if (NULL == vp) {
-pdu->variables = vptemp;
-} else {
-vp->next_variable = vptemp;
-}
-vp = vptemp;
+vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list);
+if (NULL == vp)
+goto fail;
 
-vp->next_variable = NULL;
-vp->val.string = NULL;
 vp->name_length = MAX_OID_LEN;
-vp->name = NULL;
-vp->index = 0;
-vp->data = NULL;
-vp->dataFreeHook = NULL;
 DEBUGDUMPSECTION("recv", "VarBind");
 data = snmp_parse_var_op(data, objid, >name_length, >type,
  >val_len, _val, length);
 if (data == NULL)
-return -1;
+goto fail;
 if (snmp_set_var_objid(vp, objid, vp->name_length))
-return -1;
+goto fail;
 
 len = MAX_PACKET_LENGTH;
 DEBUGDUMPHEADER("recv", "Value");
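Review bot: The explicit NULL/0 initialisation of next_variable, val.string, name, index, data and dataFreeHook is dropped from the loop body, so everything after "vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list);" depends on that macro returning zero-filled memory; the new fail path hands vp to snmp_free_var() and would otherwise act on uninitialised pointers. A one-line comment at the allocation stating that dependency would protect it against a later change of allocator. Deferring the link into pdu->variables until the varbind is complete is the right shape for the early "goto fail" exits in this loop.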
@@ -4606,7 +4591,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * 
length)
 vp->val.string = (u_char *) malloc(vp->val_len);
 }
 if (vp->val.string == NULL) {
-return -1;
+goto fail;
 }
 p = asn_parse_string(var_val, , >type, vp->val.string,
  >val_len);
@@ -4621,7 +4606,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * 
length)
 vp->val_len *= sizeof(oid);
 vp->val.objid = (oid *) malloc(vp->val_len);
 if (vp->val.objid == NULL) {
-return -1;
+goto fail;
 }
 memmove(vp->val.objid, objid, vp->val_len);
 break;
@@ -4633,7 +4618,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t * 
length)
 case ASN_BIT_STR:
 vp->val.bitstring = (u_char *) malloc(vp->val_len);
 if (vp->val.bitstring == NULL) {
-return -1;
+goto fail;
 }
 p = asn_parse_bitstring(var_val, , >type,
 vp->val.bitstring, >val_len);
@@ -4642,12 +4627,28 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char * data, size_t 
* length)
 break;
 default:
 snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type);
-badtype = -1;
+goto fail;
 break;
 }
 DEBUGINDENTADD(-4);
+
+if (NULL == vplast) {
+pdu->variables = vp;
+} else {
+vplast->next_variable = vp;
+}
+vplast = vp;
+vp = NULL;
 }
-return badtype;
+return 0;
+
+  fail:
+DEBUGMSGTL(("recv", "error while parsing VarBindList\n"));
+/** if we were parsing a var, remove it from the pdu and free it */
+if (vp)
+snmp_free_var(vp);
+
+return -1;
 }
 
 /*
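Review bot: The comment at "fail:" says the in-progress var is removed from the pdu, but with the linking moved to the bottom of the loop ("vplast->next_variable = vp;" followed by "vp = NULL;") vp is never on pdu->variables when it reaches snmp_free_var(), so the comment should say it was never linked. It is also worth stating there that varbinds already linked through vplast stay on pdu->variables when -1 is returned, so the caller still owns and frees them. In the default case the "break;" after "goto fail;" is now unreachable and can go; note too that a bad type now aborts at the first offending varbind instead of parsing the rest and returning badtype at the end.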


Re: Patch for CVE-2015-5621 in 5.7.1 code base

2015-09-01 Thread Alexander Bergmann
Hi Sampath,

you need to have 'V5-7-patches' as a local branch. Otherwise you're
getting an error message.

Just do a 'git checkout V5-7-patches' once and it should work.

Regards,
Alex~

On Mon, Aug 31, 2015 at 11:22:35AM -0700, Sampathkumar Santhanakrishnan wrote:
> Hi Alex,
>  Thanks for sharing this info. I tried to get the diff and it
> complains about "V5-7-patches".
> 
> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
> fatal: ambiguous argument 'V5-7-patches': unknown revision or path not
> in the working tree.
> Use '--' to separate paths from revisions
> 
> git branch
> * master
> 
> Thanks & Regards,
> Sampath
> 
> On Fri, Aug 28, 2015 at 5:41 AM, Alexander Bergmann  
> wrote:
> > Hi Sampathkumar,
> >
> > you can use git to get you a patch diff for this fix.
> >
> > Just clone the repo and run the following command.
> >
> > #> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
> >
> > Then edit the file and delete everything except for changes inside the
> > snmp_pdu_parse() function. Double check with the original fix and you
> > are done.
> >
> > Hope that helps,
> > Alex~
> >
> > On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan 
> > wrote:
> >> Hello,
> >>  I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621
> >>
> >> "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and
> >> earlier does not remove the varBind variable in a
> >> netsnmp_variable_list item when parsing of the SNMP PDU fails, which
> >> allows remote attackers to cause a denial of service (crash) and
> >> possibly execute arbitrary code via a crafted packet."
> >>
> >> Can someone help on this ?
> >>
> >> Thanks & Regards,
> >> Sampath
> >>
> >> --
> >> ___
> >> Net-snmp-coders mailing list
> >> Net-snmp-coders@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
> >>
> >
> > --
> > Alexander Bergmann , Security Engineer,
> > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
> > Graham Norton, HRB 21284 (AG Nürnberg)
> 

-- 
Alexander Bergmann, Security Engineer,
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
Graham Norton, HRB 21284 (AG Nürnberg)




Re: Patch for CVE-2015-5621 in 5.7.1 code base

2015-08-31 Thread Sampathkumar Santhanakrishnan
Hi Alex,
 Thanks for sharing this info. I tried to get the diff and it
complains about "V5-7-patches".

git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
fatal: ambiguous argument 'V5-7-patches': unknown revision or path not
in the working tree.
Use '--' to separate paths from revisions

git branch
* master

Thanks & Regards,
Sampath

On Fri, Aug 28, 2015 at 5:41 AM, Alexander Bergmann wrote:
> Hi Sampathkumar,
>
> you can use git to get you a patch diff for this fix.
>
> Just clone the repo and run the following command.
>
> #> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch
>
> Then edit the file and delete everything except for changes inside the
> snmp_pdu_parse() function. Double check with the original fix and you
> are done.
>
> Hope that helps,
> Alex~
>
> On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan wrote:
>> Hello,
>>  I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621
>>
>> "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and
>> earlier does not remove the varBind variable in a
>> netsnmp_variable_list item when parsing of the SNMP PDU fails, which
>> allows remote attackers to cause a denial of service (crash) and
>> possibly execute arbitrary code via a crafted packet."
>>
>> Can someone help on this ?
>>
>> Thanks & Regards,
>> Sampath
>>
>> --
>> ___
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
> --
> Alexander Bergmann , Security Engineer,
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
> Graham Norton, HRB 21284 (AG Nürnberg)



Re: Patch for CVE-2015-5621 in 5.7.1 code base

2015-08-28 Thread Alexander Bergmann
Hi Sampathkumar,

you can use git to get you a patch diff for this fix.

Just clone the repo and run the following command.

#> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch

Then edit the file and delete everything except for changes inside the
snmp_pdu_parse() function. Double check with the original fix and you
are done.

Hope that helps,
Alex~

On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan wrote:
> Hello,
>  I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621
>
> "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and
> earlier does not remove the varBind variable in a
> netsnmp_variable_list item when parsing of the SNMP PDU fails, which
> allows remote attackers to cause a denial of service (crash) and
> possibly execute arbitrary code via a crafted packet."
>
> Can someone help on this ?
>
> Thanks & Regards,
> Sampath
>
> --
> ___
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

-- 
Alexander Bergmann abergm...@suse.com, Security Engineer,
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
Graham Norton, HRB 21284 (AG Nürnberg)




Patch for CVE-2015-5621 in 5.7.1 code base

2015-08-27 Thread Sampathkumar Santhanakrishnan
Hello,
 I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621

"The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and
earlier does not remove the varBind variable in a
netsnmp_variable_list item when parsing of the SNMP PDU fails, which
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted packet."

Can someone help on this ?

Thanks & Regards,
Sampath

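The failure mode in the CVE text quoted above, reduced to a toy list parser as an added example (not part of this thread and not net-snmp code): linking a node before it is parsed leaves a half-built item reachable after a failed parse, while linking last does not. The struct and function names, the [len][bytes] wire format and SAMPLE are all constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins for netsnmp_variable_list / netsnmp_pdu (hypothetical). */
struct var { struct var *next; unsigned char *val; size_t val_len; };
struct pdu { struct var *vars; };

/* Constructed wire format: [len][len bytes]...; a len past the buffer is malformed. */
static int parse_val(struct var *v, const unsigned char **p, size_t *left) {
    if ((size_t)(*p)[0] > *left - 1) return -1;   /* callers ensure *left >= 1 */
    v->val_len = (*p)[0];
    if (!(v->val = malloc(v->val_len + 1))) return -1;
    memcpy(v->val, *p + 1, v->val_len);
    *p += 1 + v->val_len; *left -= 1 + v->val_len;
    return 0;
}

/* Pre-fix shape: the node is linked into the PDU before it is parsed. */
int parse_link_first(struct pdu *pdu, const unsigned char *p, size_t left) {
    struct var **link = &pdu->vars;
    while (left > 0) {
        struct var *v = calloc(1, sizeof *v);
        if (!v) return -1;
        *link = v; link = &v->next;
        if (parse_val(v, &p, &left)) return -1;   /* half-built node stays linked */
    }
    return 0;
}

/* Post-fix shape: link only after a full parse, free the in-progress node on failure. */
int parse_link_last(struct pdu *pdu, const unsigned char *p, size_t left) {
    struct var **link = &pdu->vars, *v = NULL;
    while (left > 0) {
        if (!(v = calloc(1, sizeof *v)) || parse_val(v, &p, &left)) goto fail;
        *link = v; link = &v->next; v = NULL;
    }
    return 0;
fail:
    if (v) { free(v->val); free(v); }
    return -1;
}

/* Regression check: nodes reachable from the PDU that never received a value. */
int count_incomplete(const struct pdu *pdu) {
    int n = 0;
    for (const struct var *v = pdu->vars; v; v = v->next) n += (v->val == NULL);
    return n;
}

const unsigned char SAMPLE[] = { 2, 'a', 'b', 5, 'x' };  /* constructed: 2nd len overruns */
```

The same shape of check, run against the real parser under a memory-error detector, is one way to confirm a backported fix: feed a truncated varbind and verify nothing incomplete remains reachable from the PDU.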