Commit Graph

122 Commits

Author SHA1 Message Date
Conrad Meyer
4aa1608aee bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various
community strings in trap.c.

Reported by:	Coverity
CIDs:		1006820, 1006821, 1006822
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:06:03 +00:00
Conrad Meyer
5f0d846034 bsnmp: Don't overrun privkey buffer by copying wrong size
The 'priv_key' array is SNMP_PRIV_KEY_SIZ bytes, not SNMP_AUTH_KEY_SIZ.

Reported by:	Coverity
CIDs:		1008326, 1009675
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:54:34 +00:00
Enji Cooper
8ad8cdc95f Use sizeof(*uuser) instead of sizeof(struct usm_user) for consistency with
the rest of the users in the file

No functional change

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-04-22 08:11:26 +00:00
Enji Cooper
e9f8d18ebe Return ret in op_ifentry(..) to mute a -Wunused-but-set-variable warning
This will also now detect error conditions with
value->var.subs[sub - 1] == LEAF_ifPhysAddress where `string_get(..)`
could fail if iifp->physaddr and/or iifp->physaddrlen were deemed
invalid.

MFC after: 2 weeks
CID: 1006551
Reported by: Coverity, gcc
Sponsored by: EMC / Isilon Storage Division
2016-04-22 07:51:38 +00:00
Enji Cooper
1422b66c64 Simplify always evaluated branch (e != NULL)
- xalloc(..) ensures that e will be non-null via malloc + err.
- `e` is already dereferenced above, so logically it's impossible
  to hit the lower test without crashing if it was indeed NULL.

MFC after: 3 days
CID: 1007408
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-22 05:24:15 +00:00
Enji Cooper
f517a30206 Don't leak string in parse_define(..) when a macro has been found
and the parser token != TOK_ASSIGN

MFC after: 1 week
CID: 1007187, 1007188
Reported by: Coverity
Obtained from: Isilon OneFS (part of r445479)
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
2016-04-22 05:14:12 +00:00
Gleb Smirnoff
bf840a1707 Redo r294869. The array of counters for TCP states doesn't belong to
struct tcpstat, because the structure can be zeroed out by netstat(1) -z,
and of course running connection counts shouldn't be touched.

Place running connection counts into separate array, and provide
separate read-only sysctl oid for it.
2016-03-15 00:15:10 +00:00
Bjoern A. Zeeb
ce42ce038e Try to fix a bug introduced in r228623. We started to copy the ifa_msghdr
as otherwise platforms with strict alignment would break.  It's unclear
to me if there's also a problem with access to the address list following
the structure.  However we never copied the address list after the structure
and thus are pointing at random memory.  For now just use a pointer to the
original memory for accessing the address list making it at least work on
platforms with weak memory access.

PR:			195445
Reported by:		wolfgang lyxys.ka.sub.org
Tested by:		wolfgang lyxys.ka.sub.org (x86)
MFC after:		3 days
2016-02-03 11:03:44 +00:00
Gleb Smirnoff
a781766836 Grab value for LEAF_tcpCurrEstab from net.inet.tcp.stats instead of
net.inet.tcp.pcblist, which is much cheaper.
2016-01-27 00:50:27 +00:00
Bjoern A. Zeeb
54902c0a6a Change the variable to a #define in order to make gcc happy which
otherwise will complain about "variably modified 'alias' at file scope".
Unbreaks the build on gcc platforms.
2016-01-22 15:03:22 +00:00
Hartmut Brandt
5edd0d3a4d Fill the ifAlias leaf of the ifXTable with the interface description
if there is one available and it fits into the maximum size (64 characters).
2016-01-21 16:11:20 +00:00
Enji Cooper
8cd5a258fb Staticize several variables that are used exclusively in bsnmpd/main.c and
bsnmpd/trap.c

This fixes several -Wmissing-variable-declaration warnings noted by clang

Differential Revision: https://reviews.freebsd.org/D4718
MFC after: 1 week
Reported by: Jenkins
Reviewed by: araujo
Sponsored by: EMC / Isilon Storage Division
2015-12-28 01:51:20 +00:00
Enji Cooper
30dfa264d0 Remove unused function act_getkernstring
This fixes a clang -Wunused warning

Differential Revision: https://reviews.freebsd.org/D4697
MFC after: 1 week
Reported by: Jenkins
Reviewed by: araujo, bapt
Sponsored by: EMC / Isilon Storage Division
2015-12-24 22:22:02 +00:00
Marcelo Araujo
fa77157916 Fix variable 'old' is used uninitialized whenever '&&' condition is false.
Spotted by clang.

Differential Revision:	D2721
Reviewed by:		rodrigc, bapt
2015-08-07 06:15:01 +00:00
Enji Cooper
e3ee0494af Fix the function signatures when MK_CRYPT == no for snmp_get_local_keys and
snmp_passwd_to_keys

MFC after: 1 week
Reported by: Beeblebrox <zaphod@berentweb.com>
2014-12-27 20:58:01 +00:00
Shteryana Shopova
ac89bc4f84 Fix a bug in decoding string indexes in snmp_target(3), thus causing
bsnmpd(1) to not send v3 notifications properly; while here add two
missing return statements which could lead to abort() in case of a
rollback
2014-10-10 00:26:28 +00:00
Hartmut Brandt
30b5118d51 Fix a problem with OBJECT IDENTIFIER encoding: need to check the
second subid to be less than 40, not the first when the first
subid is 0 or 1.
2014-01-21 16:49:54 +00:00
Xin LI
ecd241b619 Fix bsnmpd remote denial of service vulnerability.
Reported by:	dinoex
Submitted by:	harti
Security:	FreeBSD-SA-14:01.bsnmpd
Security:	CVE-2014-1452
2014-01-14 18:58:57 +00:00
Shteryana Shopova
546401ce54 Fix the -Wconversion warnings produced when compiling the SNMP agent. 2013-10-17 12:03:17 +00:00
Shteryana Shopova
0698344859 Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption.
Reported by:	harti@
2013-10-17 11:49:46 +00:00
Mikolaj Golub
b96e78e02c Register OID for HAST module.
MFC after:	2 weeks
2013-05-08 20:04:32 +00:00
Gleb Smirnoff
8cc5fb3d91 Restore the ipNetToMedia MIB, that was broken with new ARP commit
in the r186119.

Submitted by:	Konstantin Kukushkin <dark rambler-co.ru>
2013-04-25 16:23:22 +00:00
Pedro F. Giffuni
646a7fea0c Clean some 'svn:executable' properties in the tree.
Submitted by:	Christoph Mallon
MFC after:	3 days
2013-01-26 22:08:21 +00:00
Gleb Smirnoff
bc17db9558 Looks like support.h is really not needed here. 2012-10-18 13:46:26 +00:00
Maksim Yevmenkin
8651c115b8 put another bandaid on the build until i figure out bsnmp headers 2012-10-18 00:20:02 +00:00
Maksim Yevmenkin
aa21cf7851 fix build
MFC after:	1 week
2012-10-17 21:53:38 +00:00
Gleb Smirnoff
23cea7199b Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
  it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
  IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR:		bin/171279
2012-09-20 05:41:20 +00:00
Gleb Smirnoff
f2ddd22eac For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR:		bin/171279
2012-09-09 09:46:48 +00:00
Gleb Smirnoff
0cf0d912b7 The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
   the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
   syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
  and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
  is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
  instead use correct search cycle through control messages.
2012-09-08 07:12:00 +00:00
Kevin Lo
31f7ba0295 Fully initialize the stack-allocated "struct sockaddr_in sa" structure. 2012-09-07 08:58:30 +00:00
Joel Dahl
bef04523e3 Remove end of line whitespace. 2012-06-17 11:36:28 +00:00
Joel Dahl
0aa9c2d892 Minor mdoc fixes. 2012-06-17 11:33:55 +00:00
Maksim Yevmenkin
6c9707c3b2 Count both IPv4 and IPv6 TCP connections in tcpCurrEstab
Timeout from:	current, syrinx
MFC after:	1 week
2012-06-06 18:00:38 +00:00
Glen Barber
a3fb6da9ba General mdoc(7) and typo fixes.
PR:		167734
Submitted by:	Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after:	3 days
2012-05-11 20:06:46 +00:00
Hartmut Brandt
9972acaa15 memset() wants the size of the structure to clear, not the size
of the pointer to it.

Submitted by:	Pawel Worach
2012-03-18 19:28:52 +00:00
Bjoern A. Zeeb
1e629ba90f Adter r228571 unbreak architectures with strict alignment rules
by copying rather than casting.
2011-12-17 11:06:22 +00:00
Mikolaj Golub
b2b91ddf9d Include sys/queue.h: snmpmod.h uses TAILQ.
PR:		bin/153153
MFC after:	2 weeks
2011-12-11 17:10:33 +00:00
Ulrich Spörlein
f0720ed5f8 Fix broken mdoc.
Found by:	manlint
Approved by:	re (kib)
2011-08-01 22:21:18 +00:00
Ruslan Ermilov
87a5818245 Properly detect interface's state in the LINK_STATE_UNKNOWN case.
MFC after:	1 week
2011-05-03 10:11:44 +00:00
Ruslan Ermilov
81b587f396 Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after:	3 days
2011-04-20 08:38:25 +00:00
Hartmut Brandt
5a0bba9007 Bring the list of OIDs up-to-date to prevent conflicts. 2011-02-03 15:19:18 +00:00
Shteryana Shopova
cf90ea94a0 Unbreak the build by temprorarily not using include directives in
bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to
pass proper include path flags to gensnmptree.
2010-12-20 22:56:50 +00:00
Shteryana Shopova
72cd7a520d Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip
Approved by:	philip
2010-12-20 17:13:14 +00:00
Shteryana Shopova
2b8026620c Silence the compiler warnings in libbsnmp by removing several (now)
unsed parameters.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@
2010-12-16 11:20:37 +00:00
Shteryana Shopova
e9a4946830 Add a forgotten file from r216294 and unbreak the build.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@ (mostly)
Approved by:	philip@
2010-12-08 15:52:06 +00:00
Shteryana Shopova
135f7de5dd In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@ (mostly)
Approved by:	philip@
2010-12-08 13:51:38 +00:00
Ulrich Spörlein
d9962dc588 Remove mention of non-existant -o flag for debugging options.
MFC after:	3 days
2010-10-23 12:27:39 +00:00
Ulrich Spörlein
7cc1fde083 mdoc: drop even more redundant .Pp calls
No change in rendered output, less mandoc lint warnings.

Tool provided by:	Nobuyuki Koganemaru n-kogane at syd.odn.ne.jp
2010-10-19 12:35:40 +00:00
Joel Dahl
54be88c948 Fix two minor typos. 2010-08-16 21:12:26 +00:00
Ulrich Spörlein
f239d44ec1 Bump document date after content changes.
Pointy hat to:	uqs
2010-08-16 19:05:10 +00:00