net-snmp-5.5-tcp-pid.patch

   1 551030 -  Memory corruption in TCP-MIB::tcpListenerProcess
   2
   3 Source: upstream, SVN rev. 17861
   4
   5     CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB
   6
   7 diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
   8 index 7259bf8..e274d19 100644
   9 --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
  10 +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c
  11 @@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx *
  12      /*
  13       * TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup.
  14       */
  15 +    netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
  16 +    rowreq_ctx->data = NULL;
  17  }                               /* tcpConnectionTable_rowreq_ctx_cleanup */
  18
  19  /**
  20 diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
  21 index 807dd9d..fec6bef 100644
  22 --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
  23 +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c
  24 @@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container)
  25       * free the container. we've either claimed each entry, or released it,
  26       * so the dal function doesn't need to clear the container.
  27       */
  28 -    netsnmp_access_tcpconn_container_free(raw_data, 0);
  29 +    netsnmp_access_tcpconn_container_free(raw_data,
  30 +                                          NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
  31
  32      DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load",
  33                 "%d records\n", (int)CONTAINER_SIZE(container)));
  34 diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
  35 index f3009dd..ebd672b 100644
  36 --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
  37 +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c
  38 @@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx *
  39      /*
  40       * TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup.
  41       */
  42 +    netsnmp_access_tcpconn_entry_free(rowreq_ctx->data);
  43 +    rowreq_ctx->data = NULL;
  44  }                               /* tcpListenerTable_rowreq_ctx_cleanup */
  45
  46  /**
  47 diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
  48 index 09ba655..b25d5db 100644
  49 --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
  50 +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c
  51 @@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container)
  52       * free the container. we've either claimed each entry, or released it,
  53       * so the dal function doesn't need to clear the container.
  54       */
  55 -    netsnmp_access_tcpconn_container_free(raw_data, 0);
  56 +    netsnmp_access_tcpconn_container_free(raw_data,
  57 +                                          NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR);
  58
  59      DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load",
  60                 "%d records\n", (int)CONTAINER_SIZE(container)));