bsnmpd crashes regularly (every 3-5 days).

Env: FreeBSD gw1.tpark-it 12.2-RELEASE-p4 FreeBSD 12.2-RELEASE-p4 GENERIC amd64

Also bsnmp-ucd-0.4.5 is installed, but according to the backtrace, the crash source is inside the main app.

Backtrace:
===Cut===
[root@gw1:/]# lldb --core /bsnmpd.core /usr/sbin/bsnmpd
(lldb) target create "/usr/sbin/bsnmpd" --core "/bsnmpd.core"
Core file '/bsnmpd.core' (x86_64) was loaded.
(lldb) bt
* thread #1, name = 'bsnmpd', stop reason = signal SIGSEGV
  * frame #0: 0x0000000000213a12 bsnmpd`snmp_input_start(buf=<unavailable>, len=<unavailable>, source="", pdu=0x00007ffffffe2900, ip=0x00007ffffffe28c4, pdulen=<unavailable>) at main.c:644:40
    frame #1: 0x000000000021498e bsnmpd`snmpd_input(pi=0x0000000801045000, tport=0x0000000801008c80) at main.c:1071:9
    frame #2: 0x000000080026fa3e libbegemot.so.4`poll_dispatch(wait=<unavailable>) at rpoll.c:603:6
    frame #3: 0x000000000021593a bsnmpd`main(argc=0, argv=<unavailable>) at main.c:1747:3
    frame #4: 0x00000000002130b0 bsnmpd`_start(ap=<unavailable>, cleanup=<unavailable>) at crt1.c:76:7
(lldb) frame select 0
frame #0: 0x0000000000213a12 bsnmpd`snmp_input_start(buf=<unavailable>, len=<unavailable>, source="", pdu=0x00007ffffffe2900, ip=0x00007ffffffe28c4, pdulen=<unavailable>) at main.c:644:40
   641 				pdu->engine.engine_boots = snmpd_engine.engine_boots;
   642 				pdu->engine.engine_time = snmpd_engine.engine_time;
   643 			}
-> 644 		} else if (usm_user->suser.auth_proto != SNMP_AUTH_NOAUTH &&
   645 		    (pdu->engine.engine_boots == 0 || pdu->engine.engine_time == 0)) {
   646 			snmpd_usmstats.not_in_time_windows++;
   647 			ret = SNMPD_INPUT_FAILED;
(lldb)
===Cut===
Same here. I don't have symbols, but the stack seems to be the same:

* thread #1, name = 'bsnmpd', stop reason = signal SIGSEGV
  * frame #0: 0x0000000000213a12 bsnmpd`snmp_input_start + 850
    frame #1: 0x000000000021498e bsnmpd`snmpd_input + 286
    frame #2: 0x000000080026fa3e libbegemot.so.4`poll_dispatch + 1230
    frame #3: 0x000000000021593a bsnmpd`main + 2138
    frame #4: 0x00000000002130b0 bsnmpd`_start + 256
Created attachment 227785
Proposed fix

Proposed fix against releng/12.2
I have been able to reproduce the crash with the same backtrace on 12.2-RELEASE-p7; the proposed patch fixes the crash for me, and it would be good if the original reporter confirms that the crash is resolved when running bsnmpd with the patch. The same fix should apply to FreeBSD-CURRENT too.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=8b959dd6a3921c35395bef4a6d7ad2426a3bd88e

commit 8b959dd6a3921c35395bef4a6d7ad2426a3bd88e
Author:     Shteryana Shopova <syrinx@FreeBSD.org>
AuthorDate: 2021-10-01 11:10:39 +0000
Commit:     Shteryana Shopova <syrinx@FreeBSD.org>
CommitDate: 2021-10-01 11:10:39 +0000

    Fix bsnmpd(1) crash with ill-formed Discovery message

    RFC 3414 Section 4. Discovery specifies that a discovery request message
    has a varBindList left empty. Nonetheless, bsnmpd(1) should not crash
    when receiving a non-zero var-bindings list in a Discovery Request
    message.

    PR:		255214
    MFC after:	2 weeks

 contrib/bsnmp/snmpd/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
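To make the shape of the failure concrete, here is a constructed C model of the decision an SNMPv3 agent has to make on an incoming USM request. It is an added example, not bsnmpd's code and not the committed one-line change (which lives in contrib/bsnmp/snmpd/main.c); classify_v3(), find_user(), check_request(), the user table and the counter names are hypothetical. The two properties it demonstrates are the ones the thread turns on: discovery is recognised from the empty engine ID alone rather than from an empty varBindList, and the result of the user lookup is checked before the time-window test (the line the trace stops at) reads through the pointer, so a discovery message that wrongly carries varbinds gets a Report PDU instead of a SIGSEGV.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the USM dispatch in an SNMPv3 agent (not bsnmpd's). */

enum auth_proto { AUTH_NOAUTH = 0, AUTH_HMAC_MD5, AUTH_HMAC_SHA };

struct usm_user {
	const char	*name;
	enum auth_proto	 auth_proto;
};

struct v3_pdu {
	size_t		 engine_len;	/* 0 = sender does not know our engine ID yet */
	uint32_t	 engine_boots;
	uint32_t	 engine_time;
	const char	*user_name;
	unsigned	 nbindings;	/* varBindList length; RFC 3414 4. says 0 for discovery */
};

/* Stand-in for the usmStats counters (constructed field names). */
struct usm_stats {
	unsigned	unknown_engine_ids;
	unsigned	unknown_user_names;
	unsigned	not_in_time_windows;
};

enum input_status {
	INPUT_OK,			/* process the request normally */
	INPUT_DISCOVERY_REPORT,		/* Report with our engine ID, boots and time */
	INPUT_UNKNOWN_USER,		/* Report with usmStatsUnknownUserNames */
	INPUT_NOT_IN_TIME_WINDOW	/* Report with usmStatsNotInTimeWindows */
};

/* Constructed user table standing in for the agent's USM configuration. */
static const struct usm_user users[] = {
	{ "operator",  AUTH_HMAC_SHA },
	{ "ro-noauth", AUTH_NOAUTH },
};

static const struct usm_user *
find_user(const char *name)
{
	size_t i;

	for (i = 0; i < sizeof(users) / sizeof(users[0]); i++)
		if (strcmp(users[i].name, name) == 0)
			return (&users[i]);
	return (NULL);	/* empty or unknown user name: caller must not deref */
}

static enum input_status
classify_v3(const struct v3_pdu *pdu, struct usm_stats *st)
{
	const struct usm_user *usm_user;

	if (pdu->engine_len == 0) {
		/* Discovery: decided by the engine ID, not by pdu->nbindings,
		 * so an ill-formed message with varbinds takes this path too. */
		st->unknown_engine_ids++;
		return (INPUT_DISCOVERY_REPORT);
	}

	usm_user = find_user(pdu->user_name);
	if (usm_user == NULL) {	/* guard before any usm_user-> access */
		st->unknown_user_names++;
		return (INPUT_UNKNOWN_USER);
	}

	/* Authenticated users must present non-zero engineBoots/engineTime. */
	if (usm_user->auth_proto != AUTH_NOAUTH &&
	    (pdu->engine_boots == 0 || pdu->engine_time == 0)) {
		st->not_in_time_windows++;
		return (INPUT_NOT_IN_TIME_WINDOW);
	}
	return (INPUT_OK);
}

static struct usm_stats stats;

/* Build one request from scalar fields and classify it. */
enum input_status
check_request(size_t engine_len, uint32_t boots, uint32_t etime,
    const char *user, unsigned nbindings)
{
	struct v3_pdu pdu = { engine_len, boots, etime, user, nbindings };

	return (classify_v3(&pdu, &stats));
}

unsigned
stat_unknown_engine_ids(void)
{
	return (stats.unknown_engine_ids);
}

int
main(void)
{
	/* Ill-formed discovery: empty engine ID but one varbind attached. */
	printf("discovery with 1 varbind -> %d\n", check_request(0, 0, 0, "", 1));
	printf("unknown user             -> %d\n", check_request(5, 1, 100, "nobody", 0));
	printf("sha user, boots=0        -> %d\n", check_request(5, 0, 100, "operator", 1));
	printf("sha user, in window      -> %d\n", check_request(5, 3, 42, "operator", 1));
	return (0);
}
```

The first call in main() is the case from this report: the varBindList is non-empty, the user name is empty, and the request must still be answered with a discovery Report rather than reaching the auth_proto comparison with nothing to dereference.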
^Triage: committed back in 2021.