to a non-wildcard address. As documented in ip(4), doing sendmsg(2) with
IP_SENDSRCADDR on a socket that is bound to non-wildcard address is
completely different to using this control message on a wildcard one.
A fix is to add a bool to mark whether we did setsockopt(IP_RECVDSTADDR)
on the socket, and use IP_SENDSRCADDR control message only if we did.
While here, garbage collect absolutely useless udp_recv() function that
establishes some structures on stack to never use them later.
when dereferencing a NULL pointer later on.
Choose to just check for the NULL pointer in the next for-loop for now to fix
the issue with a minimal amount of code churn
sys/queue.h use here would make more sense than using a static table
MFC after: 5 days
This avoids a segfault with malformed or unanticipated files,
like IPV6-TC.txt (a file containing just TEXTUAL-CONVENTIONS).
MFC after: 5 days
Found with: gensnmpdef /usr/local/share/snmp/mibs/IPV6-TC.txt
Add an XXX comment to note that the conditional seems suspect given
how it's handled elsewhere in the SNMP_OP_SET case.
MFC after: 2 weeks
Reported by: Coverity
CID: 1008573
- Use strlcpy to ensure p->name doesn't overflow sa.sun_path [*].
- Use SUN_LEN(..) instead of spelling out calculation longhand (inspired
by comment by jmallett).
Tested with: dgram and stream support with both bsnmpwalk and snmpwalk
MFC after: 1 week
Reported by: Coverity
CID: 1006825
- Ensure `section` doesn't overrun section by using strlcpy instead of
strcpy [*].
- Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity,
but is an opportunistic change).
MFC after: 1 week
Reported by: Coverity
CID: 1006826 [*]
This doesn't fix the issue noted in the PR, but at the very least it
cleans up the error so it looks a bit more sane, and in the event
that bsnmp did wander off into the weeds, the likelihood of it
crashing with more sensible output is greater, in my opinion
MFC counter set high so I have enough time to resolve the real
underlying bug in bsnmpwalk
MFC after: 1 month
PR: 215721
- Call snmp_pdu_free on req and resp when done with the objects
- Call snmp_pdu_free on req before calling snmp_pdu_create on it
again
MFC after: 1 week
avoid returning an uninitialized value
There are some really complicated, snakey if-statements combined with
switch statements that could result in an invalid value being returned
as `ret`
MFC after: 1 week
Reported by: Coverity
CID: 1006551
This is of course to avoid buffer overruns
The remaining strcpy instance in the module needs to be audited for
correctness
MFC after: 1 week
Reported by: Coverity
CID: 1006827, 1006828
snmp_pdu_free: set pdu->nbindings to 0 to limit the damage that
could happen if a pdu was reused after calling the function, and
as both stack and heap allocation types are used in contrib/bsnmp
and usr.sbin/bsnmpd.
snmp_value_free: NULL out value->v.octetstring.octets after calling
free on it to prevent a double-free from occurring.
MFC after: 2 weeks
as the listening address in snmpd_input(..)
Stash the IPv4 address of the receiver via the recv(..) callback and use it in
the send(..) callback for the transport by specifying IP_SENDSRCADDR for the
control message type.
Add sendmsg logic to the UDP transport's send(..) callback and use the
respective send(..) callback for the transport instead of calling sendto in
snmpd_input(..).
MFC after: 3 weeks
Obtained from: Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595)
Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by: Dell EMC Isilon
Again, for reasons I don't yet understand, this is not being flagged by the
compiler. Unlike the issue addressed in r310587, this problem existed prior
to r310586
MFC after: 2 weeks
X-MFC with: r310586, r310587
Add recv callback to transport layer to better facilitate code reuse and
readability and for symmetry with send callback. Move recv_dgram and
recv_stream to udp_recv and lsock_recv, respectively, and make the
beforementioned functions recv callbacks for the udp and lsock transports,
respectively.
Consolidate the check_priv* functions in their relevant trans*.c source to
limit scope/use.
Note: this code is roughly based content from the submitter, although this
was modified to be more of a direct move from snmpd/main.c to the trans_*.c
sources, and to reduce unnecessary static function declarations.
MFC after: 2 weeks
Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com>
Sponsored by: Dell EMC Isilon
- Use inet_pton with AF_INET instead of doing longhand with sscanf.
- Use gethostbyname2 with AF_INET to ensure that the hostname isn't
accidentally parsed with another address family, e.g. AF_INET6.
NB: IpAddress per RFC-2578 is IPv4 only. Work is in progress to add
the InetAddress type and friends documented in RFC-4001 and
elsewhere (which supports IPv4, IPv6, and more).
MFC after: 2 weeks
