]>
Commit | Line | Data |
---|---|---|
cf3659bc AM |
1 | 551030 - Memory corruption in TCP-MIB::tcpListenerProcess |
2 | ||
3 | Source: upstream, SVN rev. 17861 | |
4 | ||
5 | CHANGES: snmpd: Fixed invalid access to memory in TCP-MIB | |
6 | ||
7 | diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c | |
8 | index 7259bf8..e274d19 100644 | |
9 | --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c | |
10 | +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable.c | |
11 | @@ -155,6 +155,8 @@ tcpConnectionTable_rowreq_ctx_cleanup(tcpConnectionTable_rowreq_ctx * | |
12 | /* | |
13 | * TODO:211:o: |-> Perform extra tcpConnectionTable rowreq cleanup. | |
14 | */ | |
15 | + netsnmp_access_tcpconn_entry_free(rowreq_ctx->data); | |
16 | + rowreq_ctx->data = NULL; | |
17 | } /* tcpConnectionTable_rowreq_ctx_cleanup */ | |
18 | ||
19 | /** | |
20 | diff --git a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c | |
21 | index 807dd9d..fec6bef 100644 | |
22 | --- a/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c | |
23 | +++ b/agent/mibgroup/tcp-mib/tcpConnectionTable/tcpConnectionTable_data_access.c | |
24 | @@ -256,7 +256,8 @@ tcpConnectionTable_container_load(netsnmp_container *container) | |
25 | * free the container. we've either claimed each entry, or released it, | |
26 | * so the dal function doesn't need to clear the container. | |
27 | */ | |
28 | - netsnmp_access_tcpconn_container_free(raw_data, 0); | |
29 | + netsnmp_access_tcpconn_container_free(raw_data, | |
30 | + NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR); | |
31 | ||
32 | DEBUGMSGT(("verbose:tcpConnectionTable:tcpConnectionTable_cache_load", | |
33 | "%d records\n", (int)CONTAINER_SIZE(container))); | |
34 | diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c | |
35 | index f3009dd..ebd672b 100644 | |
36 | --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c | |
37 | +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable.c | |
38 | @@ -154,6 +154,8 @@ tcpListenerTable_rowreq_ctx_cleanup(tcpListenerTable_rowreq_ctx * | |
39 | /* | |
40 | * TODO:211:o: |-> Perform extra tcpListenerTable rowreq cleanup. | |
41 | */ | |
42 | + netsnmp_access_tcpconn_entry_free(rowreq_ctx->data); | |
43 | + rowreq_ctx->data = NULL; | |
44 | } /* tcpListenerTable_rowreq_ctx_cleanup */ | |
45 | ||
46 | /** | |
47 | diff --git a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c | |
48 | index 09ba655..b25d5db 100644 | |
49 | --- a/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c | |
50 | +++ b/agent/mibgroup/tcp-mib/tcpListenerTable/tcpListenerTable_data_access.c | |
51 | @@ -254,7 +254,8 @@ tcpListenerTable_container_load(netsnmp_container *container) | |
52 | * free the container. we've either claimed each entry, or released it, | |
53 | * so the dal function doesn't need to clear the container. | |
54 | */ | |
55 | - netsnmp_access_tcpconn_container_free(raw_data, 0); | |
56 | + netsnmp_access_tcpconn_container_free(raw_data, | |
57 | + NETSNMP_ACCESS_TCPCONN_FREE_DONT_CLEAR); | |
58 | ||
59 | DEBUGMSGT(("verbose:tcpListenerTable:tcpListenerTable_cache_load", | |
60 | "%d records\n", (int)CONTAINER_SIZE(container))); |