Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

snmpd crashes when configured as a proxy (with a wrong authentication pass phrase for the agent) and when the manager requests 2 OID #82

Closed
uaksag opened this issue Mar 18, 2020 · 3 comments
Closed

snmpd crashes when configured as a proxy (with a wrong authentication pass phrase for the agent) and when the manager requests 2 OID #82

uaksag opened this issue Mar 18, 2020 · 3 comments

Comments

@uaksag
Copy link

uaksag commented Mar 18, 2020

I have an environment with a manger, a proxy and an agent. The manager requests the proxy (127.0.0.1 below) with a context name (myContext below) corresponding to the agent. The proxy is running snmpd version 5.8.1.pre2 on CentOS 8, compiled and installed from Github. When the proxy received the request, it request the agent (192.168.38.5 below).

Proxy configuration :

rouser myProxyUser
proxy -Cn myContext -r 0 -v 3 -l authNoPriv -u myAgentUser -a SHA -A myAgentAuthPass 192.168.38.5 .1.3

Agent configuration :

rouser myAgentUser

Everything works well. Result on the manger :

snmpget -r 0 -v 3 -l authNoPriv -u myProxyUser -a SHA -A myProxyAuthPass -n myContext 127.0.0.1 SNMPv2-MIB:sysName.0 SNMPv2-MIB:sysDescr.0
SNMPv2-MIB::sysName.0 = STRING: centos-7
SNMPv2-MIB::sysDescr.0 = STRING: Linux centos-7 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64

However, if the authentication pass phrase for the agent on the proxy is wrong, the proxy crashes!

Proxy configuration :

rouser myProxyUser
proxy -Cn myContext -r 0 -v 3 -l authNoPriv -u myAgentUser -a SHA -A myAgentAuthPassWRONG 192.168.38.5 .1.3

Result on the manger :

snmpget -r 0 -v 3 -l authNoPriv -u myProxyUser -a SHA -A myProxyAuthPass -n myContext 127.0.0.1 SNMPv2-MIB:sysName.0 SNMPv2-MIB:sysDescr.0
Timeout: No Response from 127.0.0.1.

And result on the proxy :

/usr/local/sbin/snmpd -Le -f
/var/net-snmp/snmpd.conf: line 47: Warning: Unknown token: ifXTable.
/var/net-snmp/snmpd.conf: line 48: Warning: Unknown token: ifXTable.
NET-SNMP version 5.8.1.pre2
response to proxy request illegal.  We're screwed.
free(): invalid pointer
Aborted (core dumped)

It seems to be caused because the proxy sends a request with 2 OID and receive a response with only 1 OID (1.3.6.1.6.3.15.1.1.5.0, usmStatsWrongDigests). The error message come from agent/mibgroup/ucd-snmp/proxy.c, line 729.

I expect the snmpd to log an error, but not to crashes.
bvanassche added a commit to bvanassche/net-snmp that referenced this issue Mar 22, 2020
@bvanassche
snmpd: UCD-SNMP proxy: Fix a crash triggered by a wrong passphrase
b67afb8 
See also net-snmp#82 .
@bvanassche
Copy link
Contributor

A candidate fix has been checked in on the v5.8 and master branches. Please retest.

@uaksag
Copy link
Author

uaksag commented Mar 23, 2020

The fix works. Thanks!

@bvanassche
Copy link
Contributor

Thanks for the feedback :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bvanassche @uaksag