net-snmp-5.7.2: fix CVE-2014-2285

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2285 Signed-off-by: yzhu1 <yanjun.zhu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: yzhu1 <yanjun.zhu@windriver.com> 2014-05-09 16:40:37 +0800
committer: Joe MacDonald <joe@deserted.net> 2014-05-09 10:18:40 -0400
commit: 9747141c09c641ce2364f246805be1682bbb7a9a (patch)
tree: 8d766e93ad172481e7113c994e37f6f0d897aeee
parent: 7361149c47dc846552e574456c607d1bef508b08 (diff)
download: meta-openembedded-9747141c09c641ce2364f246805be1682bbb7a9a.tar.gz
2 files changed, 27 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch
new file mode 100644
index 000000000..8267eeb75
--- /dev/null
+++ b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch
@@ -0,0 +1,26 @@
+--- a/perl/TrapReceiver/TrapReceiver.xs
+++ b/perl/TrapReceiver/TrapReceiver.xs
+@@ -81,18 +81,18 @@ int   perl_trapd_handler( netsnmp_pdu   
+         STOREPDUi("securitymodel", pdu->securityModel);
+         STOREPDUi("securitylevel", pdu->securityLevel);
+         STOREPDU("contextName",
+-                 newSVpv(pdu->contextName, pdu->contextNameLen));
+                 newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
+         STOREPDU("contextEngineID",
+-                 newSVpv((char *) pdu->contextEngineID,
+                 newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
+                                     pdu->contextEngineIDLen));
+         STOREPDU("securityEngineID",
+-                 newSVpv((char *) pdu->securityEngineID,
+                 newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
+                                     pdu->securityEngineIDLen));
+         STOREPDU("securityName",
+-                 newSVpv((char *) pdu->securityName, pdu->securityNameLen));
+                 newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
+     } else {
+         STOREPDU("community",
+-                 newSVpv((char *) pdu->community, pdu->community_len));
+                 newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
+     }
+ 
+     if (transport && transport->f_fmtaddr) {
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb
index 8f20ce9a3..eb50d0fd4 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb
@@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
        file://snmptrapd.service \
        file://ifmib.patch \
        file://net-snmp-5.7.2-fix-CVE-2014-2284.patch \
+        file://net-snmp-5.7.2-fix-CVE-2014-2285.patch \
 "
 SRC_URI[md5sum] = "5bddd02e2f82b62daa79f82717737a14"
author	yzhu1 <yanjun.zhu@windriver.com>	2014-05-09 16:40:37 +0800
committer	Joe MacDonald <joe@deserted.net>	2014-05-09 10:18:40 -0400
commit	9747141c09c641ce2364f246805be1682bbb7a9a (patch)
tree	8d766e93ad172481e7113c994e37f6f0d897aeee
parent	7361149c47dc846552e574456c607d1bef508b08 (diff)
download	meta-openembedded-9747141c09c641ce2364f246805be1682bbb7a9a.tar.gz

diff --git a/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch new file mode 100644 index 000000000..8267eeb75 --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch
@@ -0,0 +1,26 @@
		1	--- a/perl/TrapReceiver/TrapReceiver.xs
		2	+++ b/perl/TrapReceiver/TrapReceiver.xs
		3	@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu
		4	STOREPDUi("securitymodel", pdu->securityModel);
		5	STOREPDUi("securitylevel", pdu->securityLevel);
		6	STOREPDU("contextName",
		7	- newSVpv(pdu->contextName, pdu->contextNameLen));
		8	+ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
		9	STOREPDU("contextEngineID",
		10	- newSVpv((char *) pdu->contextEngineID,
		11	+ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
		12	pdu->contextEngineIDLen));
		13	STOREPDU("securityEngineID",
		14	- newSVpv((char *) pdu->securityEngineID,
		15	+ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
		16	pdu->securityEngineIDLen));
		17	STOREPDU("securityName",
		18	- newSVpv((char *) pdu->securityName, pdu->securityNameLen));
		19	+ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
		20	} else {
		21	STOREPDU("community",
		22	- newSVpv((char *) pdu->community, pdu->community_len));
		23	+ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
		24	}
		25
		26	if (transport && transport->f_fmtaddr) {


diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb index 8f20ce9a3..eb50d0fd4 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.2.bb
@@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
17	file://snmptrapd.service \	17	file://snmptrapd.service \
18	file://ifmib.patch \	18	file://ifmib.patch \
19	file://net-snmp-5.7.2-fix-CVE-2014-2284.patch \	19	file://net-snmp-5.7.2-fix-CVE-2014-2284.patch \
		20	file://net-snmp-5.7.2-fix-CVE-2014-2285.patch \
20	"	21	"
21		22
22	SRC_URI[md5sum] = "5bddd02e2f82b62daa79f82717737a14"	23	SRC_URI[md5sum] = "5bddd02e2f82b62daa79f82717737a14"