commit b99b7801ac4ef372d0bb6ed50f6d02f2d13ca664 · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

net_snmp: fix CVE-2018-18065

(cherry picked from commit 2f7c24295357240da704cb28c4240ecef36bcd7c)

Andreas Rammhold 7 years ago b99b7801 c56ede78

+31

2 changed files

expand all

unified split

pkgs

servers

monitoring

net-snmp

CVE-2018-18065.patch

default.nix

+30

pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch

···

··· 1 + commit 7ffb8e25a0db851953155de91f0170e9bf8c457d 2 + Author: Robert Story <rstory@freesnmp.com> 3 + Date: Thu Oct 6 10:43:10 2016 -0400 4 + 5 + CHANGES: BUG: 2743: snmpd crashes when receiving a GetNext PDU with multiple Varbinds 6 + 7 + skip out-of-range varbinds when calling next handler 8 + 9 + diff --git a/agent/helpers/table.c b/agent/helpers/table.c 10 + index 32a08033a..2666638b5 100644 11 + --- a/agent/helpers/table.c 12 + +++ b/agent/helpers/table.c 13 + @@ -340,6 +340,8 @@ table_helper_handler(netsnmp_mib_handler *handler, 14 + else if (reqinfo->mode == MODE_GET) 15 + table_helper_cleanup(reqinfo, request, 16 + SNMP_NOSUCHOBJECT); 17 + + else 18 + + request->processed = 1; /* skip if next handler called */ 19 + continue; 20 + } 21 + 22 + @@ -409,6 +411,8 @@ table_helper_handler(netsnmp_mib_handler *handler, 23 + else if (reqinfo->mode == MODE_GET) 24 + table_helper_cleanup(reqinfo, request, 25 + SNMP_NOSUCHOBJECT); 26 + + else 27 + + request->processed = 1; /* skip if next handler called */ 28 + continue; 29 + } 30 + /*

pkgs/servers/monitoring/net-snmp/default.nix

··· 19 (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m") 20 (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid") 21 (fetchAlpinePatch "remove-U64-typedef.patch" "1msxyhcqkvhqa03dwb50288g7f6nbrcd9cs036m9xc8jdgjb8k8j") 22 ]; 23 24 preConfigure =