$ ./agent/snmpd -fd -C -r -c "fuzz_input.conf.txt" 127.0.0.1:12345
=================================================================
==239331==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200002b710 at pc 0x7f2aba5d2143 bp 0x7ffc96108ed0 sp 0x7ffc96108ec0
WRITE of size 4 at 0x60200002b710 thread T0
#0 0x7f2aba5d2142 in setup_engineID /home/user/Desktop/net-snmp/snmplib/snmpv3.c:587
#1 0x7f2aba5d462d in init_snmpv3_post_premib_config /home/user/Desktop/net-snmp/snmplib/snmpv3.c:1114
#2 0x7f2aba5e486c in snmp_call_callbacks /home/user/Desktop/net-snmp/snmplib/callback.c:360
#3 0x7f2aba5ac78a in read_premib_configs /home/user/Desktop/net-snmp/snmplib/read_config.c:1114
#4 0x7f2aba51a6a4 in init_snmp /home/user/Desktop/net-snmp/snmplib/snmp_api.c:925
#5 0x5583ed7faec1 in main /home/user/Desktop/net-snmp/agent/snmpd.c:909
#6 0x7f2ab9a23a8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7f2ab9a23b48 in __libc_start_main_impl ../csu/libc-start.c:360
#8 0x5583ed7f7ee4 in _start (/home/user/Desktop/net-snmp/agent/.libs/snmpd+0x8ee4) (BuildId: 5a392703b0edb942f603e011c18761693f91fd48)
0x60200002b711 is located 0 bytes after 1-byte region [0x60200002b710,0x60200002b711)
allocated by thread T0 here:
#0 0x7f2abc0de9a7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
#1 0x7f2aba5d2043 in setup_engineID /home/user/Desktop/net-snmp/snmplib/snmpv3.c:579
#2 0x7f2aba5d462d in init_snmpv3_post_premib_config /home/user/Desktop/net-snmp/snmplib/snmpv3.c:1114
#3 0x7f2aba5e486c in snmp_call_callbacks /home/user/Desktop/net-snmp/snmplib/callback.c:360
#4 0x7f2aba5ac78a in read_premib_configs /home/user/Desktop/net-snmp/snmplib/read_config.c:1114
#5 0x7f2aba51a6a4 in init_snmp /home/user/Desktop/net-snmp/snmplib/snmp_api.c:925
#6 0x5583ed7faec1 in main /home/user/Desktop/net-snmp/agent/snmpd.c:909
#7 0x7f2ab9a23a8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/user/Desktop/net-snmp/snmplib/snmpv3.c:587 in setup_engineID
Shadow bytes around the buggy address:
0x60200002b480: fa fa 05 fa fa fa 07 fa fa fa 05 fa fa fa 07 fa
0x60200002b500: fa fa 05 fa fa fa 07 fa fa fa 05 fa fa fa 07 fa
0x60200002b580: fa fa 05 fa fa fa 07 fa fa fa 00 03 fa fa 07 fa
0x60200002b600: fa fa 05 fa fa fa 05 fa fa fa 00 02 fa fa 06 fa
0x60200002b680: fa fa 07 fa fa fa 04 fa fa fa 00 fa fa fa 04 fa
=>0x60200002b700: fa fa[01]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x60200002b780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x60200002b800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x60200002b880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x60200002b900: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x60200002b980: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==239331==ABORTING
    case ENGINEID_TYPE_NETSNMP_RND: /* Net-SNMP specific encoding */
        if (engineID) /* already setup, keep current value */
            return engineIDLength;
        if (oldEngineID) {
            len = oldEngineIDLength;
and so effectively calls calloc(1,0). The successive memcpy on line 587 then goes out of bounds:
    memcpy(bufp, &netsnmpoid, sizeof(netsnmpoid)); /* XXX Must be 4 bytes! */
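The length check that the analysis above calls for, as an added example (not net-snmp code and not the project's fix). `build_engine_id`, `PREFIX_LEN` and the default size are hypothetical names and values that model only the `calloc(1, len)` followed by the 4-byte `memcpy`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Size of the enterprise prefix that the memcpy in the report writes. */
#define PREFIX_LEN sizeof(uint32_t)

/* Hypothetical helper, not net-snmp code. Sizes the buffer from a stored
 * engine ID, as the reported code path does, but validates the stored
 * length before anything is written. Returns the engine ID length, or 0
 * if the stored ID is unusable or allocation fails. */
size_t build_engine_id(const uint8_t *old_id, size_t old_len,
                       uint32_t enterprise, uint8_t **out)
{
    size_t len;
    uint8_t *buf;

    *out = NULL;
    if (old_id != NULL) {
        /* A stored length of 0 is what turned calloc(1, len) into
         * calloc(1, 0); anything below PREFIX_LEN overflows the same way. */
        if (old_len < PREFIX_LEN)
            return 0;
        len = old_len;
    } else {
        len = PREFIX_LEN + 1 + 8;   /* constructed default size */
    }

    buf = calloc(1, len);
    if (buf == NULL)
        return 0;

    /* In bounds: len >= PREFIX_LEN on every path that reaches here. */
    memcpy(buf, &enterprise, PREFIX_LEN);

    /* Model assumption: a valid stored ID is restored verbatim. */
    if (old_id != NULL)
        memcpy(buf, old_id, old_len);

    *out = buf;
    return len;
}
```

The caller owns `*out` and frees it; a return of 0 means the stored value should be discarded rather than reused.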