CVE-2022-44792、CVE-2022-4479 安全更新
This commit is contained in:
cooking_orange
parent
eeb5f10e6c
commit
1c39887614
|
|
@ -3708,12 +3708,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status)
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
check_set_pdu_for_null_varbind(netsnmp_agent_session *asp)
|
||||
{
|
||||
int i;
|
||||
netsnmp_variable_list *v = NULL;
|
||||
|
||||
for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) {
|
||||
if (v->type == ASN_NULL) {
|
||||
/*
|
||||
* Protect SET implementations that do not protect themselves
|
||||
* against wrong type.
|
||||
*/
|
||||
DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i));
|
||||
asp->index = i;
|
||||
return SNMP_ERR_WRONGTYPE;
|
||||
}
|
||||
}
|
||||
return SNMP_ERR_NOERROR;
|
||||
}
|
||||
|
||||
int
|
||||
handle_pdu(netsnmp_agent_session *asp)
|
||||
{
|
||||
int status, inclusives = 0;
|
||||
netsnmp_variable_list *v = NULL;
|
||||
|
||||
#ifndef NETSNMP_NO_WRITE_SUPPORT
|
||||
/*
|
||||
* Check for ASN_NULL in SET request
|
||||
*/
|
||||
if (asp->pdu->command == SNMP_MSG_SET) {
|
||||
status = check_set_pdu_for_null_varbind(asp);
|
||||
if (status != SNMP_ERR_NOERROR) {
|
||||
return status;
|
||||
}
|
||||
}
|
||||
#endif /* NETSNMP_NO_WRITE_SUPPORT */
|
||||
|
||||
/*
|
||||
* for illegal requests, mark all nodes as ASN_NULL
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -182,6 +182,7 @@ main(int argc, char *argv[])
|
|||
case 'x':
|
||||
case 'd':
|
||||
case 'b':
|
||||
case 'n': /* undocumented */
|
||||
#ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
|
||||
case 'I':
|
||||
case 'U':
|
||||
|
|
|
|||
|
|
@ -421,9 +421,6 @@ netsnmp_mysql_connect(void)
|
|||
int
|
||||
netsnmp_mysql_init(void)
|
||||
{
|
||||
int not_argc = 0, i;
|
||||
char *not_args[] = { NULL };
|
||||
char **not_argv = not_args;
|
||||
netsnmp_trapd_handler *traph;
|
||||
|
||||
DEBUGMSGTL(("sql:init","called\n"));
|
||||
|
|
@ -450,14 +447,22 @@ netsnmp_mysql_init(void)
|
|||
my_init();
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_MYSQL_OPTIONS)
|
||||
{
|
||||
int not_argc = 0, i;
|
||||
char *not_args[] = { NULL };
|
||||
char **not_argv = not_args;
|
||||
|
||||
/** load .my.cnf values */
|
||||
#if HAVE_MY_LOAD_DEFAULTS
|
||||
my_load_defaults ("my", _sql.groups, ¬_argc, ¬_argv, 0);
|
||||
#elif defined(HAVE_LOAD_DEFAULTS)
|
||||
load_defaults ("my", _sql.groups, ¬_argc, ¬_argv);
|
||||
#else
|
||||
#error Neither load_defaults() nor mysql_options() are available.
|
||||
#endif
|
||||
|
||||
for(i=0; i < not_argc; ++i) {
|
||||
for (i = 0; i < not_argc; ++i) {
|
||||
if (NULL == not_argv[i])
|
||||
continue;
|
||||
if (strncmp(not_argv[i],"--password=",11) == 0)
|
||||
|
|
@ -475,6 +480,8 @@ netsnmp_mysql_init(void)
|
|||
else
|
||||
snmp_log(LOG_WARNING, "unknown argument[%d] %s\n", i, not_argv[i]);
|
||||
}
|
||||
}
|
||||
#endif /* !defined(HAVE_MYSQL_OPTIONS) */
|
||||
|
||||
/** init bind structures */
|
||||
memset(_tbind, 0x0, sizeof(_tbind));
|
||||
|
|
@ -554,7 +561,7 @@ netsnmp_mysql_init(void)
|
|||
return -1;
|
||||
}
|
||||
|
||||
#if MYSQL_VERSION_ID >= 100000
|
||||
#if HAVE_MYSQL_OPTIONS
|
||||
mysql_options(_sql.conn, MYSQL_READ_DEFAULT_GROUP, "snmptrapd");
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -25214,19 +25214,17 @@ $as_echo "no" >&6; }
|
|||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
ac_fn_c_check_func "$LINENO" "mysql_init" "ac_cv_func_mysql_init"
|
||||
if test "x$ac_cv_func_mysql_init" = xyes; then :
|
||||
|
||||
$as_echo "#define HAVE_MYSQL_INIT 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
ac_fn_c_check_func "$LINENO" "load_defaults" "ac_cv_func_load_defaults"
|
||||
if test "x$ac_cv_func_load_defaults" = xyes; then :
|
||||
|
||||
$as_echo "#define HAVE_LOAD_DEFAULTS 1" >>confdefs.h
|
||||
for ac_func in load_defaults mysql_init mysql_options
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
CPPFLAGS="${_cppflags}"
|
||||
LIBS="${_libs}"
|
||||
|
|
|
|||
|
|
@ -563,14 +563,7 @@ if test "x$with_mysql" = "xyes" ; then
|
|||
AC_DEFINE([HAVE_MY_LOAD_DEFAULTS], 1,
|
||||
[Define if having my_load_defaults()])],
|
||||
[AC_MSG_RESULT(no)])
|
||||
AC_CHECK_FUNC(
|
||||
[mysql_init],
|
||||
AC_DEFINE([HAVE_MYSQL_INIT], 1,
|
||||
[Define if mysql_init() is available in libmysqlclient]))
|
||||
AC_CHECK_FUNC(
|
||||
[load_defaults],
|
||||
AC_DEFINE([HAVE_LOAD_DEFAULTS], 1,
|
||||
[Define if load_defaults() is available in libmysqlclient]))
|
||||
AC_CHECK_FUNCS([load_defaults mysql_init mysql_options])
|
||||
CPPFLAGS="${_cppflags}"
|
||||
LIBS="${_libs}"
|
||||
AC_MSG_CACHE_ADD(MYSQL Trap Logging: enabled)
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
net-snmp (5.8+dfsg-ok7) yangtze; urgency=medium
|
||||
|
||||
* cooking-orange-cub CVE-2022-44792、CVE-2022-4479 安全更新
|
||||
|
||||
-- chenyuheng <cyh030619@bupt.edu.cn> Thu, 09 Mar 2023 15:09:18 +0800
|
||||
|
||||
net-snmp (5.8+dfsg-ok6) yangtze; urgency=medium
|
||||
|
||||
* l491 repair CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810
|
||||
|
|
|
|||
|
|
@ -462,7 +462,7 @@
|
|||
/* Define to 1 if you have the <linux/tasks.h> header file. */
|
||||
#undef HAVE_LINUX_TASKS_H
|
||||
|
||||
/* Define if load_defaults() is available in libmysqlclient */
|
||||
/* Define to 1 if you have the `load_defaults' function. */
|
||||
#undef HAVE_LOAD_DEFAULTS
|
||||
|
||||
/* Define to 1 if you have the <locale.h> header file. */
|
||||
|
|
@ -513,9 +513,12 @@
|
|||
/* Define to 1 if you have the <mtab.h> header file. */
|
||||
#undef HAVE_MTAB_H
|
||||
|
||||
/* Define if mysql_init() is available in libmysqlclient */
|
||||
/* Define to 1 if you have the `mysql_init' function. */
|
||||
#undef HAVE_MYSQL_INIT
|
||||
|
||||
/* Define to 1 if you have the `mysql_options' function. */
|
||||
#undef HAVE_MYSQL_OPTIONS
|
||||
|
||||
/* Define if MY_INIT() is availabe in libmysqlclient */
|
||||
#undef HAVE_MY_INIT
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,31 @@
|
|||
#!/bin/sh
|
||||
|
||||
. ../support/simple_eval_tools.sh
|
||||
|
||||
HEADER SNMPv2c set of system.sysContact.0 with NULL varbind
|
||||
|
||||
SKIPIF NETSNMP_DISABLE_SET_SUPPORT
|
||||
SKIPIF NETSNMP_NO_WRITE_SUPPORT
|
||||
SKIPIF NETSNMP_DISABLE_SNMPV2C
|
||||
SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE
|
||||
|
||||
#
|
||||
# Begin test
|
||||
#
|
||||
|
||||
# standard V2C configuration: testcomunnity
|
||||
snmp_write_access='all'
|
||||
. ./Sv2cconfig
|
||||
STARTAGENT
|
||||
|
||||
CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0"
|
||||
|
||||
CHECK ".1.3.6.1.2.1.1.4.0 = STRING:"
|
||||
|
||||
CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x"
|
||||
|
||||
CHECK "Reason: wrongType"
|
||||
|
||||
STOPAGENT
|
||||
|
||||
FINISHED
|
||||
Loading…
Reference in New Issue