153 Commits

Author SHA1 Message Date
ngie
4093156173 Prevent improper memory accesses after calling snmp_pdu_free and snmp_value_free
snmp_pdu_free: set pdu->nbindings to 0 to limit the damage that
could happen if a pdu was reused after calling the function, and
as both stack and heap allocation types are used in contrib/bsnmp
and usr.sbin/bsnmpd.

snmp_value_free: NULL out value->v.octetstring.octets after calling
free on it to prevent a double-free from occurring.

MFC after:      2 weeks
2016-12-29 00:20:03 +00:00
ngie
402d5d3733 style(9): ip_get(..): clean up whitespace
MFC after:	3 days
2016-12-28 05:05:08 +00:00
ngie
b2ff0ca59d style(9): snmp_send_packet(..): fix whitespace
MFC after:	3 days
2016-12-28 04:56:15 +00:00
ngie
65df443113 style(9): fix whitespace in pdu_encode_secparams(..)
MFC after:	3 days
2016-12-28 04:53:52 +00:00
ngie
64921a2ee1 style(9): sort alignment in udp_recv(..)
MFC after:	3 weeks
2016-12-28 04:31:07 +00:00
ngie
8684890cca Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used
as the listening address in snmpd_input(..)

Stash the IPv4 address of the receiver via the recv(..) callback and use it in
the send(..) callback for the transport by specifying IP_SENDSRCADDR for the
control message type.

Add sendmsg logic to the UDP transport's send(..) callback and use the
respective send(..) callback for the transport instead of calling sendto in
snmpd_input(..).

MFC after:      3 weeks
Obtained from:  Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595)
Submitted by:   Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by:   Dell EMC Isilon
2016-12-28 04:29:09 +00:00
ngie
6a228a1b19 style(9): clean up trailing whitespace
MFC after:	3 weeks
2016-12-27 23:32:54 +00:00
ngie
f9b6f82f5b style(9): fix trailing whitespace
MFC after:	3 days
2016-12-26 11:16:55 +00:00
ngie
c2c0f758c3 Update engine time using update_snmpd_engine_time(..)
MFC after:	6 days
X-MFC with:	r310498
Sponsored by:	Dell EMC Isilon
2016-12-26 11:11:30 +00:00
ngie
2a46b43d61 Fix return type for ret (recv callback) and sort variables by alignment
Again, for reasons I don't yet understand, this is not being flagged by the
compiler. Unlike the issue addressed in r310587, this problem existed prior
to r310586

MFC after:	2 weeks
X-MFC with:	r310586, r310587
2016-12-26 10:24:48 +00:00
ngie
704ab6b547 Fix definition for recv_dgram(..); it should be "ssize_t", not "int"
I'm not sure why this wasn't flagged as an issue by the compiler, yet

MFC after:	3 weeks
X-MFC with:	r310586
2016-12-26 10:21:28 +00:00
ngie
e1fafb91e3 Refactor transport sources a bit to facilitate changes coming down pipeline
Add recv callback to transport layer to better facilitate code reuse and
readability and for symmetry with send callback. Move recv_dgram and
recv_stream to udp_recv and lsock_recv, respectively, and make the
beforementioned functions recv callbacks for the udp and lsock transports,
respectively.

Consolidate the check_priv* functions in their relevant trans*.c source to
limit scope/use.

Note: this code is roughly based content from the submitter, although this
was modified to be more of a direct move from snmpd/main.c to the trans_*.c
sources, and to reduce unnecessary static function declarations.

MFC after:	2 weeks
Submitted by:	Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by:	Dell EMC Isilon
2016-12-26 10:17:22 +00:00
ngie
ff4ea07cd6 Fix style(9)
- Sort #includes
- Delete trailing whitespace

No functional change

MFC after:	3 days
2016-12-26 07:31:16 +00:00
ngie
764feb9929 style(9): delete stray trailing whitespace after break statement
MFC after:	3 days
2016-12-24 11:49:25 +00:00
ngie
3a6e63dcae Be more strict about IpAddress type in snmp_value_parse(..)
- Use inet_pton with AF_INET instead of doing longhand with sscanf.
- Use gethostbyname2 with AF_INET to ensure that the hostname isn't
  accidentally parsed with another address family, e.g. AF_INET6.

NB: IpAddress per RFC-2578 is IPv4 only. Work is in progress to add
    the InetAddress type and friends documented in RFC-4001 and
    elsewhere (which supports IPv4, IPv6, and more).

MFC after:	2 weeks
2016-12-24 11:41:16 +00:00
ngie
f3cd3b6abc Minor style(9) fixes
- Trailing whitespace cleanup
- Sort variables in snmp_dialog(..) by alignment

No functional change

MFC after:	1 week
2016-12-24 11:30:24 +00:00
ngie
5d96cb434e Sort #includes
No functional change

MFC after:	3 days
2016-12-24 11:26:55 +00:00
ngie
0d462fe8e9 Allow SNMPv3 authNoPriv and noAuthNoPriv protocols to discover snmpEngineTime
as discussed in RFC-5343

This fixes interoperability with net-snmp.

Tested with the following invocations of snmpwalk (from net-snmp):

- noAuthNoPriv:

  % snmpwalk -v 3 -n '' -u public localhost snmpEngineTime

- authNoPriv:

  % snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authNoPriv -a sha localhost \
    localhost snmpEngineTime

- authPriv:

  % snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des \
    -X bsnmptest localhost snmpEngineTime

MFC after:	1 week
Obtained from:	Isilon OneFS (5ec6d772cacbc, with minor tweaks)
Submitted by:	Austin Voecks <austin.voecks@isilon.com>
Sponsored by:	Dell EMC Isilon
2016-12-24 11:23:18 +00:00
ngie
af1403e46c Sort #includes per style(9)
No functional change

MFC after:	3 days
2016-12-23 07:55:13 +00:00
ngie
adf70bc555 Clarify failure in snmp_output(..) with call to snmp_pdu_decode
- Explicitly test snmp_pdu_encode against SNMP_CODE_OK instead of assuming
  any non-zero value is bad.
- Print out the code before calling abort() to give the end-user something
  actionable to debug without having to recompile the binary, since the
  core might not have these details.

MFC after:	1 week
2016-12-23 05:07:28 +00:00
ngie
1027db332b Clean up trailing and leading whitespace
Fix variable type alignment in snmp_dialog(..)

MFC after:	1 week
2016-12-18 05:31:54 +00:00
syrinx
b0a3ee5d95 Reply to a snmpEngineID discovery PDU with a Report PDU as per the
requirements of RFC 3414 section 4.

PR:	174974
Submitted by:	pguyot@kallisys.net
Reported by:	several people
Reviewed by:	bz@
2016-11-10 20:51:26 +00:00
syrinx
ea49fb0774 Fix a regression introduced in SVN r256678 that breaks USM header parsing
Reviewed by:	bz@
2016-10-24 21:05:23 +00:00
glebius
e971b15ccd Revert r299830, it has couple of fatal errors.
The CMSG_ family of macros take care of alignment, so we don't need r299830
at all, even if it was correct.  Put NO_WCAST_ALIGN into Makefile.

Together with:	peter
2016-05-18 22:02:19 +00:00
ngie
5468a8a74c Fix .Dd
Today is the 14th, not the 10th of May

Reported by: igor (derp)
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:44:32 +00:00
ngie
e2d22654df Fix fully canonicalized example for myvariable.27...
`6` doesn't occur in the OID; it was spurious

Bump .Dd for the change

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:43:36 +00:00
ngie
24775f5dba Remove trailing whitespace in license tort
MFC after: 1 week
Reported by: igor
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:41:01 +00:00
ngie
ed17cd41ca Fix -Wcast-align warnings
Use memcpy instead of using direct assignment of void* pointers with
CMSG_DATA(..), which changes alignment

MFC after: 3 weeks
Reported by: clang
Sponsored by: EMC / Isilon Storage Division
2016-05-15 03:36:19 +00:00
ngie
200ff419ab Use SNMPD_INPUT_FAILED instead of SNMP_CODE_FAILED
SNMPD_INPUT_FAILED is `enum snmpd_input_err` type (which matches the return
code from the function). SNMP_CODE_FAILED is `enum snmp_code` type.

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:54:21 +00:00
ngie
e72268dbe4 Use sizeof(..)s for the destination buffers instead of hardcoded values corresponding
to the destination buffer sizes

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:13:36 +00:00
ngie
f8efc8ecc6 Replace QUADFMT with %ju and QUADXFMT with %jx and cast values with uintmax_t
This will cure some -Wformat warnings

MFC after: 1 week
Reported by: clang, gcc
Sponsored by: EMC / Isilon Storage Division
2016-05-15 00:10:37 +00:00
cem
3109740c43 bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various
community strings in trap.c.

Reported by:	Coverity
CIDs:		1006820, 1006821, 1006822
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 17:06:03 +00:00
cem
61b729e84b bsnmp: Don't overrun privkey buffer by copying wrong size
The 'priv_key' array is SNMP_PRIV_KEY_SIZ bytes, not SNMP_AUTH_KEY_SIZ.

Reported by:	Coverity
CIDs:		1008326, 1009675
Sponsored by:	EMC / Isilon Storage Division
2016-05-11 16:54:34 +00:00
ngie
1f176af7b3 Use sizeof(*uuser) instead of sizeof(struct usm_user) for consistency with
the rest of the users in the file

No functional change

MFC after: 3 days
Sponsored by: EMC / Isilon Storage Division
2016-04-22 08:11:26 +00:00
ngie
fba15366d5 Return ret in op_ifentry(..) to mute a -Wunused-but-set-variable warning
This will also now detect error conditions with
value->var.subs[sub - 1] == LEAF_ifPhysAddress where `string_get(..)`
could fail if iifp->physaddr and/or iifp->physaddrlen were deemed
invalid.

MFC after: 2 weeks
CID: 1006551
Reported by: Coverity, gcc
Sponsored by: EMC / Isilon Storage Division
2016-04-22 07:51:38 +00:00
ngie
075957409e Simplify always evaluated branch (e != NULL)
- xalloc(..) ensures that e will be non-null via malloc + err.
- `e` is already dereferenced above, so logically it's impossible
  to hit the lower test without crashing if it was indeed NULL.

MFC after: 3 days
CID: 1007408
Reported by: Coverity
Sponsored by: EMC / Isilon Storage Division
2016-04-22 05:24:15 +00:00
ngie
f22677eeac Don't leak string in parse_define(..) when a macro has been found
and the parser token != TOK_ASSIGN

MFC after: 1 week
CID: 1007187, 1007188
Reported by: Coverity
Obtained from: Isilon OneFS (part of r445479)
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
2016-04-22 05:14:12 +00:00
glebius
224119b2ed Redo r294869. The array of counters for TCP states doesn't belong to
struct tcpstat, because the structure can be zeroed out by netstat(1) -z,
and of course running connection counts shouldn't be touched.

Place running connection counts into separate array, and provide
separate read-only sysctl oid for it.
2016-03-15 00:15:10 +00:00
bz
5b67986f72 Try to fix a bug introduced in r228623. We started to copy the ifa_msghdr
as otherwise platforms with strict alignment would break.  It's unclear
to me if there's also a problem with access to the address list following
the structure.  However we never copied the address list after the structure
and thus are pointing at random memory.  For now just use a pointer to the
original memory for accessing the address list making it at least work on
platforms with weak memory access.

PR:			195445
Reported by:		wolfgang lyxys.ka.sub.org
Tested by:		wolfgang lyxys.ka.sub.org (x86)
MFC after:		3 days
2016-02-03 11:03:44 +00:00
glebius
6c4255a1e6 Grab value for LEAF_tcpCurrEstab from net.inet.tcp.stats instead of
net.inet.tcp.pcblist, which is much cheaper.
2016-01-27 00:50:27 +00:00
bz
241625018c Change the variable to a #define in order to make gcc happy which
otherwise will complain about "variably modified 'alias' at file scope".
Unbreaks the build on gcc platforms.
2016-01-22 15:03:22 +00:00
harti
9695459665 Fill the ifAlias leaf of the ifXTable with the interface description
if there is one available and it fits into the maximum size (64 characters).
2016-01-21 16:11:20 +00:00
ngie
caf04c1d5c Staticize several variables that are used exclusively in bsnmpd/main.c and
bsnmpd/trap.c

This fixes several -Wmissing-variable-declaration warnings noted by clang

Differential Revision: https://reviews.freebsd.org/D4718
MFC after: 1 week
Reported by: Jenkins
Reviewed by: araujo
Sponsored by: EMC / Isilon Storage Division
2015-12-28 01:51:20 +00:00
ngie
a8cab145cb Remove unused function act_getkernstring
This fixes a clang -Wunused warning

Differential Revision: https://reviews.freebsd.org/D4697
MFC after: 1 week
Reported by: Jenkins
Reviewed by: araujo, bapt
Sponsored by: EMC / Isilon Storage Division
2015-12-24 22:22:02 +00:00
araujo
012ab6e588 Fix variable 'old' is used uninitialized whenever '&&' condition is false.
Spotted by clang.

Differential Revision:	D2721
Reviewed by:		rodrigc, bapt
2015-08-07 06:15:01 +00:00
ngie
8e415d9c27 Fix the function signatures when MK_CRYPT == no for snmp_get_local_keys and
snmp_passwd_to_keys

MFC after: 1 week
Reported by: Beeblebrox <zaphod@berentweb.com>
2014-12-27 20:58:01 +00:00
syrinx
f916cb9074 Fix a bug in decoding string indexes in snmp_target(3), thus causing
bsnmpd(1) to not send v3 notifications properly; while here add two
missing return statements which could lead to abort() in case of a
rollback
2014-10-10 00:26:28 +00:00
harti
1d74874531 Fix a problem with OBJECT IDENTIFIER encoding: need to check the
second subid to be less than 40, not the first when the first
subid is 0 or 1.
2014-01-21 16:49:54 +00:00
delphij
7d5825ffd4 Fix bsnmpd remote denial of service vulnerability.
Reported by:	dinoex
Submitted by:	harti
Security:	FreeBSD-SA-14:01.bsnmpd
Security:	CVE-2014-1452
2014-01-14 18:58:57 +00:00
syrinx
8e524b7e82 Fix the -Wconversion warnings produced when compiling the SNMP agent. 2013-10-17 12:03:17 +00:00