1 551030 - Memory corruption in TCP-MIB::tcpListenerProcess
3 Source: upstream, SVN rev. 17861
5 CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB
7 diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
8 index 7259bf8..e274d19 100644
9 --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
10 +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
11 @@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx *
13 * TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup.
15 + netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
16 + rowreq_ctx->data = NULL;
17 } /* tcpConnectionTable_rowreq_ctx_cleanup */
20 diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
21 index 807dd9d..fec6bef 100644
22 --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
23 +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
24 @@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container)
25 * free the container. we've either claimed each entry, or released it,
26 * so the dal function doesn't need to clear the container.
28 - netsnmp_access_tcpconn_container_free(raw_data, 0);
29 + netsnmp_access_tcpconn_container_free(raw_data,
30 + NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
32 DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load",
33 "%d records\n", (int)CONTAINER_SIZE(container)));
34 diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
35 index f3009dd..ebd672b 100644
36 --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
37 +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
38 @@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx *
40 * TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup.
42 + netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
43 + rowreq_ctx->data = NULL;
44 } /* tcpListenerTable_rowreq_ctx_cleanup */
47 diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
48 index 09ba655..b25d5db 100644
49 --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
50 +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
51 @@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container)
52 * free the container. we've either claimed each entry, or released it,
53 * so the dal function doesn't need to clear the container.
55 - netsnmp_access_tcpconn_container_free(raw_data, 0);
56 + netsnmp_access_tcpconn_container_free(raw_data,
57 + NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
59 DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load",
60 "%d records\n", (int)CONTAINER_SIZE(container)));