diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c index 759287f..380a386 100644 --- a/agent/mibgroup/agent/nsLogging.c +++ b/agent/mibgroup/agent/nsLogging.c @@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, continue; logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); table_info = netsnmp_extract_table_info(request); + if (!table_info || !table_info->indexes) + continue; switch (table_info->colnum) { case NSLOGGING_TYPE: @@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, } logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); table_info = netsnmp_extract_table_info(request); + if (!table_info || !table_info->indexes) + continue; switch (table_info->colnum) { case NSLOGGING_TYPE: @@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler, continue; logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request); table_info = netsnmp_extract_table_info(request); + if (!table_info || !table_info->indexes) + continue; switch (table_info->colnum) { case NSLOGGING_TYPE: diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c index 79fa97d..dae56fe 100644 --- a/agent/mibgroup/agent/nsVacmAccessTable.c +++ b/agent/mibgroup/agent/nsVacmAccessTable.c @@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, entry = (struct vacm_accessEntry *) netsnmp_extract_iterator_context(request); table_info = netsnmp_extract_table_info(request); + if (!table_info || !table_info->indexes) + continue; /* Extract the authType token from the list of indexes */ idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; + if (idx->val_len >= sizeof(atype)) + continue; memset(atype, 0, sizeof(atype)); memcpy(atype, (char *)idx->val.string, idx->val_len); viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); @@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, entry = (struct vacm_accessEntry *) netsnmp_extract_iterator_context(request); table_info = netsnmp_extract_table_info(request); + if (!table_info || !table_info->indexes) + continue; ret = SNMP_ERR_NOERROR; switch (table_info->colnum) { @@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, * Extract the authType token from the list of indexes */ idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; + if (idx->val_len >= sizeof(atype)) + continue; memset(atype, 0, sizeof(atype)); memcpy(atype, (char *)idx->val.string, idx->val_len); viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); @@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, idx = idx->next_variable; model = *idx->val.integer; idx = idx->next_variable; level = *idx->val.integer; entry = vacm_createAccessEntry( gName, cPrefix, model, level ); - entry->storageType = ST_NONVOLATILE; - netsnmp_insert_iterator_context(request, (void*)entry); + if (entry) { + entry->storageType = ST_NONVOLATILE; + netsnmp_insert_iterator_context(request, (void*)entry); + } } } } @@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler, /* Extract the authType token from the list of indexes */ idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable; + if (idx->val_len >= sizeof(atype)) + continue; memset(atype, 0, sizeof(atype)); memcpy(atype, (char *)idx->val.string, idx->val_len); viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype); diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c index 2a05743..7611670 100644 --- a/agent/mibgroup/mibII/vacm_vars.c +++ b/agent/mibgroup/mibII/vacm_vars.c @@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen, return 1; } groupNameL = oidIndex[0]; + if ((groupNameL + 1) > (int) oidLen) { + return 1; + } contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */ if ((int) oidLen != groupNameL + contextPrefixL + 4) { return 1; diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c index 39ec61d..fc4b7b6 100644 --- a/agent/mibgroup/snmpv3/usmUser.c +++ b/agent/mibgroup/snmpv3/usmUser.c @@ -1507,8 +1507,6 @@ write_usmUserStatus(int action, if (usmStatusCheck(uptr)) { uptr->userStatus = RS_ACTIVE; } else { - SNMP_FREE(engineID); - SNMP_FREE(newName); return SNMP_ERR_INCONSISTENTVALUE; } } else if (long_ret == RS_CREATEANDWAIT) { diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c index 26653f4..e3f06d6 100644 --- a/agent/snmp_agent.c +++ b/agent/snmp_agent.c @@ -2954,7 +2954,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp, if (requests->status != SNMP_ERR_NOERROR && (!look_for_specific || requests->status == look_for_specific) && (look_for_specific || asp->index == 0 - || requests->index < asp->index)) { + || requests->index <= asp->index)) { asp->index = requests->index; asp->status = requests->status; } diff --git a/debian/changelog b/debian/changelog index 189f401..05ec600 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +net-snmp (5.8+dfsg-ok6) yangtze; urgency=medium + + * l491 repair CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 + + -- lvbingbing Fri, 03 Mar 2023 19:18:25 +0800 + net-snmp (5.8+dfsg-ok5) yangtze; urgency=medium * realpan_bupt CVE-2020-15862 安全更新:Net-SNMP 5.7.3及之前版本中存在安全漏洞.