
net-snmp-5.3.2.2-7.el5_4.2.src.rpm

449351: When an invalid port number that exceeds 0x10000(65536) is specified by the snmpd and snmptrapd command, an improper port number is generated.

Author: Jan Safranek <jsafrane@redhat.com>

Check port specifiers. Inspired by the upstream version of snmpUDPDomain.c (but rewritten to
fit the old version of net-snmp).
diff -up net-snmp-5.3.2.2/snmplib/snmpUDPDomain.c.port net-snmp-5.3.2.2/snmplib/snmpUDPDomain.c
--- net-snmp-5.3.2.2/snmplib/snmpUDPDomain.c.port	2008-08-06 10:29:52.000000000 +0200
+++ net-snmp-5.3.2.2/snmplib/snmpUDPDomain.c	2008-08-06 10:29:55.000000000 +0200
@@ -823,9 +823,16 @@ netsnmp_sockaddr_in(struct sockaddr_in *
             *cp = '\0';
             cp++;
             if (atoi(cp) != 0) {
+                int port = atoi(cp);
                 DEBUGMSGTL(("netsnmp_sockaddr_in",
-                            "port number suffix :%d\n", atoi(cp)));
-                addr->sin_port = htons((u_short)atoi(cp));
+                            "port number suffix :%d\n", port));
+                if (port > 0 && port < 65536) {
+                    addr->sin_port = htons((u_short)port);
+                } else {
+                    snmp_log(LOG_WARNING,
+                             "Invalid port number: %d, using default %d\n", 
+                             port, ntohs(addr->sin_port));
+                }
             }
         }
 
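Review bot: The new range test in `netsnmp_sockaddr_in` still takes its value from `atoi(cp)`, whose behaviour is undefined when the digit string does not fit in an `int`. On common libcs the result is simply truncated, so an oversized suffix can land back inside 1..65535 and be accepted, which is the wrap this patch is meant to stop. Trailing non-digits after the number are also accepted without a warning. Parsing once with `strtol` and checking `errno` and the end pointer before the range test closes both gaps; the enclosing `if (atoi(cp) != 0)` guard needs the same treatment, and the four hunks in snmpUDPIPv6Domain.c share the pattern. Rejecting trailing characters is stricter than the old behaviour, so confirm that no supported specifier relies on it.

```c
            if (atoi(cp) != 0) {    /* guard should move to the strtol result as well */
                char *end = NULL;
                long  port;

                errno = 0;
                port = strtol(cp, &end, 10);
                /* … unchanged: DEBUGMSGTL of the port suffix (format becomes %ld) … */
                if (errno == 0 && end != cp && *end == '\0' &&
                    port > 0 && port < 65536) {
                    addr->sin_port = htons((u_short)port);
                } else {
                    snmp_log(LOG_WARNING,
                             "Invalid port number: %ld, using default %d\n",
                             port, ntohs(addr->sin_port));
                }
```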
diff -up net-snmp-5.3.2.2/snmplib/snmpUDPIPv6Domain.c.port net-snmp-5.3.2.2/snmplib/snmpUDPIPv6Domain.c
--- net-snmp-5.3.2.2/snmplib/snmpUDPIPv6Domain.c.port	2007-08-20 10:06:42.000000000 +0200
+++ net-snmp-5.3.2.2/snmplib/snmpUDPIPv6Domain.c	2008-08-06 10:29:57.000000000 +0200
@@ -390,9 +390,17 @@ netsnmp_sockaddr_in6(struct sockaddr_in6
             /*
              * Okay, it looks like JUST a port number.  
              */
+            int port = atoi(peername);
             DEBUGMSGTL(("netsnmp_sockaddr_in6", "totally numeric: %d\n",
-                        atoi(peername)));
-            addr->sin6_port = htons(atoi(peername));
+                        port));
+            if (port > 0 && port < 65536) {
+                addr->sin6_port = htons(port);
+            }
+            else {
+                snmp_log(LOG_WARNING,
+                         "Invalid port number: %d, using default %d\n", 
+                         port, ntohs(addr->sin6_port));
+            }
             goto resolved;
         }
 
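Review bot: `htons(port)` here passes a plain `int`, while the IPv4 hunk writes `htons((u_short)port)`, and the `}` / `else {` split differs from the `} else {` used there. The same eight-line check-and-warn block is then repeated in the three later hunks of `netsnmp_sockaddr_in6`. A small static helper taking `addr` and `port` would keep the range test and the warning text in one place, so a later fix cannot miss one copy. At minimum make the cast consistent: `addr->sin6_port = htons((u_short)port);`.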
@@ -426,10 +434,18 @@ netsnmp_sockaddr_in6(struct sockaddr_in6
                     if (atoi(cp + 2) != 0 &&
                         inet_pton(AF_INET6, peername + 1,
                                   (void *) &(addr->sin6_addr))) {
+                        int port = atoi(cp + 2);
                         DEBUGMSGTL(("netsnmp_sockaddr_in6",
                                     "IPv6 address with port suffix :%d\n",
-                                    atoi(cp + 2)));
-                        addr->sin6_port = htons(atoi(cp + 2));
+                                    port));
+                        if (port > 0 && port < 65536) {
+                            addr->sin6_port = htons(port);
+                        }
+                        else {
+                            snmp_log(LOG_WARNING,
+                                     "Invalid port number: %d, using default %d\n", 
+                                     port, ntohs(addr->sin6_port));
+                        }
 #if defined(HAVE_IF_NAMETOINDEX) && defined(HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID)
                         addr->sin6_scope_id = if_index;
 #endif
@@ -476,10 +492,18 @@ netsnmp_sockaddr_in6(struct sockaddr_in6
             if (atoi(cp + 1) != 0 &&
                 inet_pton(AF_INET6, peername,
                           (void *) &(addr->sin6_addr))) {
+                int port = atoi(cp + 1);
                 DEBUGMSGTL(("netsnmp_sockaddr_in6",
                             "IPv6 address with port suffix :%d\n",
-                            atoi(cp + 1)));
-                addr->sin6_port = htons(atoi(cp + 1));
+                            port));
+                if (port > 0 && port < 65536) {
+                    addr->sin6_port = htons(port);
+                }
+                else {
+                    snmp_log(LOG_WARNING,
+                             "Invalid port number: %d, using default %d\n", 
+                             port, ntohs(addr->sin6_port));
+                }
 #if defined(HAVE_IF_NAMETOINDEX) && defined(HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID)
                 addr->sin6_scope_id = if_index;
 #endif
@@ -508,10 +532,18 @@ netsnmp_sockaddr_in6(struct sockaddr_in6
         if (cp != NULL) {
             *cp = '\0';
             if (atoi(cp + 1) != 0) {
+                int port = atoi(cp + 1);
                 DEBUGMSGTL(("netsnmp_sockaddr_in6",
                             "hostname(?) with port suffix :%d\n",
-                            atoi(cp + 1)));
-                addr->sin6_port = htons(atoi(cp + 1));
+                            port));
+                if (port > 0 && port < 65536) {
+                    addr->sin6_port = htons(port);
+                }
+                else {
+                    snmp_log(LOG_WARNING,
+                             "Invalid port number: %d, using default %d\n", 
+                             port, ntohs(addr->sin6_port));
+                }
             } else {
                 /*
                  * No idea, looks bogus but we might as well pass the full thing to
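Review bot: An out-of-range port only produces a `LOG_WARNING`, and resolution continues with whatever was already in `addr->sin6_port`, so a mistyped listening specifier leaves the daemon on the default port instead of failing. If `netsnmp_sockaddr_in6` can report failure to its caller (its return path is outside this hunk), rejecting the specifier would be the safer behaviour for snmpd and snmptrapd; the same applies to every hunk in this patch. If the fallback is intentional, say so next to the check, e.g. `/* out-of-range port: keep the default already stored in sin6_port */`.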