Launchpad always seems to get the package wrong; it's odd.

To make net-snmp crash:

- Turn debugging on (the crashing happens when dumping the certificate as part 
of debug logging).
- Include a cert with an extension that, when printed, is longer than 512 bytes.
- The cert I was using is an EV certificate issued by Globalsign, the 
certificate transparency section is really large.

I think (need to check) that nsComment isn't technically an extension,
and so won't be printed by net-snmp's certificate dump code.

Another way to force the bug is to reduce SNMP_MAXBUF_SMALL to something
tiny, like 1 byte. It will crash on any extension.

https://github.com/net-snmp/net-snmp/blob/V5-7-patches/snmplib/snmp_openssl.c#L482

This is the crash in an old branch that is unpatched:

https://github.com/net-snmp/net-snmp/blob/V5-7-patches/snmplib/snmp_openssl.c#L502

If the extension is too long, the _cert_get_extension_str_at() function
returns NULL. This NULL is fed into strchr(), and boom.

The fix is in two parts - first, use a properly sized buffer that an
extension can fit in, and if that's not enough, check str for NULL
before trying to strchr() on it.

There were two attempts at a fix, one to stop the crash, and the second
to fix the buffer length and stop the crash while also printing the name
of the extension (but not value). Could potentially be confusing. Two
fixes were developed at the same time.

https://bugs.launchpad.net/bugs/1912389

Title:
   [Patch] SIGSEGV: crash when certificate contains extension longer
  than 512 bytes
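
The NULL-into-strchr() pattern described in the comment above, next to the checked form, as an added example that is not net-snmp's code and not part of the original message. The helper `ext_to_str`, both `dump_ext_*` functions and the `SMALL_BUF` constant are hypothetical stand-ins that only model the behaviour the comment describes (return NULL when the printed extension does not fit in a 512-byte buffer).

```c
#include <stdio.h>
#include <string.h>

#define SMALL_BUF 512   /* models the 512-byte limit named in the report */

/* Hypothetical stand-in for the extension-to-string helper: copies the
 * printed extension into buf, or returns NULL if it does not fit. */
static char *ext_to_str(const char *printed, char *buf, size_t len)
{
    size_t need = strlen(printed) + 1;
    if (buf == NULL || need > len)
        return NULL;            /* too long: the caller must handle this */
    memcpy(buf, printed, need);
    return buf;
}

/* Unpatched pattern: the return value goes straight into strchr().
 * When the helper returns NULL this dereferences a null pointer. */
int dump_ext_unchecked(const char *printed)
{
    char buf[SMALL_BUF];
    char *str = ext_to_str(printed, buf, sizeof(buf));
    return strchr(str, '\n') != NULL;   /* SIGSEGV when str == NULL */
}

/* Checked pattern: test the result before any string function sees it.
 * Returns 1 for a multi-line value, 0 for a single-line value, and -1
 * when the value was too long to print (caller can log the name only). */
int dump_ext_checked(const char *printed)
{
    char buf[SMALL_BUF];
    char *str = ext_to_str(printed, buf, sizeof(buf));
    if (str == NULL)
        return -1;
    return strchr(str, '\n') != NULL;
}

int main(void)
{
    char big[600];                      /* constructed oversized value */
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    printf("short: %d, oversized: %d\n",
           dump_ext_checked("CA:FALSE"), dump_ext_checked(big));
    return 0;
}
```

The NULL check only stops the crash; the value is still dropped from the debug output unless the buffer is also sized to hold it, which is the other half of the fix the comment describes.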