Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
When calling snmp_async_send(), the callback function is called whether or not sending succeeds. Since the agentx_got_response() callback function frees the cache unconditionally, calling netsnmp_free_delegated_cache() explicitly after snmp_async_send() is wrong. See also https://sourceforge.net/p/net-snmp/bugs/2943/. Fixes: f9304c8 ("CHANGES: PATCH 1633670: fixed snmpd crashing when an AgentX subagent disconnect in the middle of processing of a request.") # v5.8.
- Loading branch information
f3e8074
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello Bart, do you know if a CVE was assigned to this issue? if not, would a CVE be appropriate?
Thanks
f3e8074
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not know who assigns CVE numbers to Net-SNMP issues.
f3e8074
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably Net-SNMP is 'in-scope' for half-dozen or more cve number authorities; red hat, debian, suse, ubuntu, github, mitre, come to mind quickly, I'm sure there's others, too.
Unfortunately, I've now lost the thread of what prompted my question in the first place, I'm surprised it took me two weeks to get back to this.
Anyway, is this the sort of thing that'd be 'under control of an attacker' in any way? It's hard for me to judge in isolation, it feels like it's just a bug, but if this could allow a malicious entity to gain control over Net-SNMP, or deprive others of the legitimate use of it, it's probably worth drawing attention to it with a CVE.
Thanks