diff options
author | Andreas Rammhold <andreas@rammhold.de> | 2018-10-10 21:05:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-10 21:05:00 +0200 |
commit | 020a3ff09b5c467b93db5a871338d5acdff3c9f6 (patch) | |
tree | 4d784ae012ed7b8324230105bfcad77d22b68f4f /pkgs/servers/monitoring | |
parent | f9d247a8d8ae8b4a8a36cc732d56f2e17f18e5a6 (diff) | |
parent | 2f7c24295357240da704cb28c4240ecef36bcd7c (diff) | |
download | nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar.gz nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar.bz2 nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar.lz nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar.xz nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.tar.zst nixlib-020a3ff09b5c467b93db5a871338d5acdff3c9f6.zip |
Merge pull request #48123 from andir/net_snmp
net_snmp: fix CVE-2018-18065
Diffstat (limited to 'pkgs/servers/monitoring')
-rw-r--r-- | pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch | 30 | ||||
-rw-r--r-- | pkgs/servers/monitoring/net-snmp/default.nix | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch new file mode 100644 index 000000000000..c33f7bb03fa8 --- /dev/null +++ b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch @@ -0,0 +1,30 @@ +commit 7ffb8e25a0db851953155de91f0170e9bf8c457d +Author: Robert Story <rstory@freesnmp.com> +Date: Thu Oct 6 10:43:10 2016 -0400 + + CHANGES: BUG: 2743: snmpd crashes when receiving a GetNext PDU with multiple Varbinds + + skip out-of-range varbinds when calling next handler + +diff --git a/agent/helpers/table.c b/agent/helpers/table.c +index 32a08033a..2666638b5 100644 +--- a/agent/helpers/table.c ++++ b/agent/helpers/table.c +@@ -340,6 +340,8 @@ table_helper_handler(netsnmp_mib_handler *handler, + else if (reqinfo->mode == MODE_GET) + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + +@@ -409,6 +411,8 @@ table_helper_handler(netsnmp_mib_handler *handler, + else if (reqinfo->mode == MODE_GET) + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + /* diff --git a/pkgs/servers/monitoring/net-snmp/default.nix b/pkgs/servers/monitoring/net-snmp/default.nix index a6b738270a9a..0e7a53306eb4 100644 --- a/pkgs/servers/monitoring/net-snmp/default.nix +++ b/pkgs/servers/monitoring/net-snmp/default.nix @@ -19,6 +19,7 @@ stdenv.mkDerivation rec { (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m") (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid") (fetchAlpinePatch "remove-U64-typedef.patch" "1msxyhcqkvhqa03dwb50288g7f6nbrcd9cs036m9xc8jdgjb8k8j") + ./CVE-2018-18065.patch ]; preConfigure = |