[Pkg-net-snmp-devel] Bug#754955: libsnmp-dev: File descriptors larger than FD_SETSIZE crash the init_snmp() function
Petr Zajicek
petr.zajicek at nangu.tv
Wed Jul 16 10:57:30 UTC 2014
Package: libsnmp-dev
Version: 5.7.2.1~dfsg-5
Severity: important
Tags: patch
Dear Maintainer,
I was debugging a sub agent running on a thread started by a larger
application.
If the process used up more file descriptors than FD_SETSIZE before starting
the thread which was running the sub agent, the sub agent crashed on the
init_snmp() function. This should not be a problem since versions over NetSNMP
5.5 can and should use netsnmp_large_fd_set struct to deal with large file
descriptors.
Debugging the issue I've found that the functions used to manipulate the large
file descriptor sets ( netsnmp_large_fd_setfd(), netsnmp_large_fd_clr(),
netsnmp_large_fd_is_set(), netsnmp_large_fd_set_resize() ) use the macros
FD_SET, FD_CLR, FD_ISSET. These macros should be size independent, however in
newer versions of the libc library they have an inbuilt buffer overflow protection
which tests against the FD_SETSIZE when manipulating a file descriptor from the
set.
Also the functions snmp_synch_response_cb() and snmp_sess_synch_response()
still use the standard fd_set struct, which causes an infinite loop if the
response is expected on a file descriptor larger than FD_SETSIZE. This is
already fixed in upstream PATCH 3394386, I've just used the fix.
Attached a suggested patch.
-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-30-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libsnmp-dev depends on:
ii libc6-dev 2.19-0ubuntu6
ii libsensors4-dev 1:3.3.4-2ubuntu1
ii libsnmp30 5.7.2.1~dfsg-5
ii libssl-dev 1.0.1f-1ubuntu2.4
ii libwrap0-dev 7.6.q-25
ii procps 1:3.3.9-1ubuntu2
libsnmp-dev recommends no packages.
libsnmp-dev suggests no packages.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.txt
Type: text/x-diff
Size: 7593 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-net-snmp-devel/attachments/20140716/dc4b7747/attachment.diff>
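A sketch of the kind of size-independent descriptor set the report calls for, added here as an example (it is neither net-snmp's netsnmp_large_fd_set implementation nor the attached patch): the bits live in a caller-sized array manipulated with plain bit arithmetic, so the fortified FD_SET/FD_CLR/FD_ISSET macros and their fd < FD_SETSIZE check are never invoked. The lfs_* names and the large_fd_set struct layout are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Word type with the same layout as glibc's fd_set bit array, so the
 * buffer can be passed to select() as (fd_set *) with nfds = max fd + 1. */
typedef unsigned long lfs_word;
#define LFS_WORD_BITS (8 * (int)sizeof(lfs_word))

typedef struct {
    int setsize;    /* descriptors the set can currently hold */
    lfs_word *bits; /* setsize / LFS_WORD_BITS words, zero-filled */
} large_fd_set;     /* initialise with large_fd_set s = {0, NULL}; */

static int lfs_words(int setsize) {
    return (setsize + LFS_WORD_BITS - 1) / LFS_WORD_BITS;
}

/* Grow (never shrink) the set to hold at least `setsize` descriptors. */
int lfs_resize(large_fd_set *s, int setsize) {
    int old_words = lfs_words(s->setsize), new_words = lfs_words(setsize);
    if (new_words <= old_words) return 0;
    lfs_word *p = realloc(s->bits, (size_t)new_words * sizeof *p);
    if (p == NULL) return -1;
    memset(p + old_words, 0, (size_t)(new_words - old_words) * sizeof *p);
    s->bits = p;
    s->setsize = new_words * LFS_WORD_BITS;
    return 0;
}

/* FD_SET equivalent that grows the set instead of hitting the
 * fd < FD_SETSIZE check fortified glibc builds put inside the macro. */
int lfs_set(large_fd_set *s, int fd) {
    if (fd < 0) return -1;
    if (fd >= s->setsize && lfs_resize(s, fd + 1) != 0) return -1;
    s->bits[fd / LFS_WORD_BITS] |= (lfs_word)1 << (fd % LFS_WORD_BITS);
    return 0;
}

void lfs_clr(large_fd_set *s, int fd) {
    if (fd >= 0 && fd < s->setsize)
        s->bits[fd / LFS_WORD_BITS] &= ~((lfs_word)1 << (fd % LFS_WORD_BITS));
}

int lfs_is_set(const large_fd_set *s, int fd) {
    if (fd < 0 || fd >= s->setsize) return 0;
    return (int)((s->bits[fd / LFS_WORD_BITS] >> (fd % LFS_WORD_BITS)) & 1);
}

void lfs_free(large_fd_set *s) { free(s->bits); s->bits = NULL; s->setsize = 0; }
```

A descriptor such as 5000 (well past the default FD_SETSIZE of 1024) simply grows the array rather than aborting the process.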