diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2018-10-09 22:44:29 +0200 |
|---|---|---|
| committer | Andreas Rammhold <andreas@rammhold.de> | 2018-10-09 23:07:36 +0200 |
| commit | 2f7c24295357240da704cb28c4240ecef36bcd7c (patch) | |
| tree | e75f40981291c25bbb8b34f83374d18fe0dfd214 /pkgs/servers | |
| parent | 11c0d07761f692e2bc1285d7f45a57e99a9cf0c7 (diff) | |
| download | nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar.gz nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar.bz2 nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar.lz nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar.xz nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.tar.zst nixlib-2f7c24295357240da704cb28c4240ecef36bcd7c.zip | |
net_snmp: fix CVE-2018-18065
Diffstat (limited to 'pkgs/servers')
| -rw-r--r-- | pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch | 30 | ||||
| -rw-r--r-- | pkgs/servers/monitoring/net-snmp/default.nix | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch new file mode 100644 index 000000000000..c33f7bb03fa8 --- /dev/null +++ b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch @@ -0,0 +1,30 @@ +commit 7ffb8e25a0db851953155de91f0170e9bf8c457d +Author: Robert Story <rstory@freesnmp.com> +Date: Thu Oct 6 10:43:10 2016 -0400 + + CHANGES: BUG: 2743: snmpd crashes when receiving a GetNext PDU with multiple Varbinds + + skip out-of-range varbinds when calling next handler + +diff --git a/agent/helpers/table.c b/agent/helpers/table.c +index 32a08033a..2666638b5 100644 +--- a/agent/helpers/table.c ++++ b/agent/helpers/table.c +@@ -340,6 +340,8 @@ table_helper_handler(netsnmp_mib_handler *handler, + else if (reqinfo->mode == MODE_GET) + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + +@@ -409,6 +411,8 @@ table_helper_handler(netsnmp_mib_handler *handler, + else if (reqinfo->mode == MODE_GET) + table_helper_cleanup(reqinfo, request, + SNMP_NOSUCHOBJECT); ++ else ++ request->processed = 1; /* skip if next handler called */ + continue; + } + /* diff --git a/pkgs/servers/monitoring/net-snmp/default.nix b/pkgs/servers/monitoring/net-snmp/default.nix index a6b738270a9a..0e7a53306eb4 100644 --- a/pkgs/servers/monitoring/net-snmp/default.nix +++ b/pkgs/servers/monitoring/net-snmp/default.nix @@ -19,6 +19,7 @@ stdenv.mkDerivation rec { (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m") (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid") (fetchAlpinePatch "remove-U64-typedef.patch" "1msxyhcqkvhqa03dwb50288g7f6nbrcd9cs036m9xc8jdgjb8k8j") + ./CVE-2018-18065.patch ]; preConfigure = |