|
Line 0
Link Here
|
|
|
1 |
--- agent/mibgroup/disman/event/mteEvent.c |
| 2 |
+++ agent/mibgroup/disman/event/mteEvent.c |
| 3 |
@@ -76,9 +76,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size |
| 4 |
netsnmp_tdata_row *row; |
| 5 |
struct mteEvent *entry; |
| 6 |
|
| 7 |
- memset(ename, 0, sizeof(ename)); |
| 8 |
- ename[0] = '_'; |
| 9 |
- memcpy(ename+1, event, strlen(event)); |
| 10 |
+ snprintf(ename, sizeof(ename), "_%s", event); |
| 11 |
|
| 12 |
row = mteEvent_createEntry( "_snmpd", ename, 1 ); |
| 13 |
if (!row || !row->data) |
| 14 |
@@ -89,7 +87,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size |
| 15 |
entry->mteNotification_len = trapOID_len; |
| 16 |
memcpy( entry->mteNotification, trapOID, trapOID_len*sizeof(oid)); |
| 17 |
memcpy( entry->mteNotifyOwner, "_snmpd", 6 ); |
| 18 |
- memcpy( entry->mteNotifyObjects, oname, strlen(oname)); |
| 19 |
+ strlcpy(entry->mteNotifyObjects, oname, sizeof(entry->mteNotifyObjects)); |
| 20 |
entry->flags |= MTE_EVENT_FLAG_ENABLED| |
| 21 |
MTE_EVENT_FLAG_ACTIVE| |
| 22 |
MTE_EVENT_FLAG_VALID; |
| 23 |
--- agent/mibgroup/disman/event/mteTriggerConf.c |
| 24 |
+++ agent/mibgroup/disman/event/mteTriggerConf.c |
| 25 |
@@ -507,13 +507,12 @@ parse_mteMonitor(const char *token, const char *line) |
| 26 |
memcpy(oid_name_buf, buf, SPRINT_MAX_LEN); |
| 27 |
memset( buf, 0, SPRINT_MAX_LEN); |
| 28 |
cp = copy_nword_const(cp, buf, SPRINT_MAX_LEN); |
| 29 |
- value = strtol(buf, NULL, 0); |
| 30 |
+ value = strtol(buf, NULL, 0); |
| 31 |
|
| 32 |
/* |
| 33 |
* ... then save the rest of the line for later. |
| 34 |
*/ |
| 35 |
- memset( buf, 0, strlen(buf)); |
| 36 |
- memcpy( buf, cp, strlen(cp)); |
| 37 |
+ strlcpy(buf, cp, sizeof(buf)); |
| 38 |
cp = NULL; /* To terminate the processing loop */ |
| 39 |
DEBUGMSGTL(("disman:event:conf", "%s: Thresh (%s, %ld, %s)\n", |
| 40 |
tname, oid_name_buf, value, buf)); |
| 41 |
--- agent/mibgroup/disman/schedule/schedCore.c |
| 42 |
+++ agent/mibgroup/disman/schedule/schedCore.c |
| 43 |
@@ -454,6 +454,7 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) |
| 44 |
{ |
| 45 |
struct schedTable_entry *entry; |
| 46 |
netsnmp_tdata_row *row; |
| 47 |
+ int len; |
| 48 |
|
| 49 |
DEBUGMSGTL(("disman:schedule:entry", "creating entry (%s, %s)\n", |
| 50 |
schedOwner, schedName)); |
| 51 |
@@ -472,16 +473,20 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) |
| 52 |
* data structure, and in the table_data helper. |
| 53 |
*/ |
| 54 |
if (schedOwner) { |
| 55 |
- memcpy(entry->schedOwner, schedOwner, strlen(schedOwner)); |
| 56 |
- netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, |
| 57 |
- entry->schedOwner, strlen(schedOwner)); |
| 58 |
+ len = strlen(schedOwner); |
| 59 |
+ if (len > sizeof(entry->schedOwner)) |
| 60 |
+ len = sizeof(entry->schedOwner); |
| 61 |
+ memcpy(entry->schedOwner, schedOwner, len); |
| 62 |
+ netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedOwner, len); |
| 63 |
} |
| 64 |
else |
| 65 |
netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, "", 0 ); |
| 66 |
|
| 67 |
- memcpy( entry->schedName, schedName, strlen(schedName)); |
| 68 |
- netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, |
| 69 |
- entry->schedName, strlen(schedName)); |
| 70 |
+ len = strlen(schedName); |
| 71 |
+ if (len > sizeof(entry->schedName)) |
| 72 |
+ len = sizeof(entry->schedName); |
| 73 |
+ memcpy(entry->schedName, schedName, len); |
| 74 |
+ netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedName, len); |
| 75 |
/* |
| 76 |
* Set the (non-zero) default values in the row data structure. |
| 77 |
*/ |
| 78 |
--- agent/mibgroup/hardware/cpu/cpu.c |
| 79 |
+++ agent/mibgroup/hardware/cpu/cpu.c |
| 80 |
@@ -148,7 +148,7 @@ netsnmp_cpu_info *netsnmp_cpu_get_byName( char *name, int create ) { |
| 81 |
return NULL; |
| 82 |
} |
| 83 |
|
| 84 |
- strcpy(cpu->name, name); |
| 85 |
+ strlcpy(cpu->name, name, sizeof(cpu)); |
| 86 |
if ( _cpu_tail ) { |
| 87 |
cpu->idx = _cpu_tail->idx+1; |
| 88 |
_cpu_tail->next = cpu; |
| 89 |
--- agent/mibgroup/hardware/cpu/cpu_linux.c |
| 90 |
+++ agent/mibgroup/hardware/cpu/cpu_linux.c |
| 91 |
@@ -72,7 +72,7 @@ void init_cpu_linux( void ) { |
| 92 |
#ifdef DESCR_FIELD |
| 93 |
if (!strncmp( buf, DESCR_FIELD, strlen(DESCR_FIELD))) { |
| 94 |
cp = strchr( buf, ':' ); |
| 95 |
- strcpy( cpu->descr, cp+2 ); |
| 96 |
+ strlcpy(cpu->descr, cp + 2, sizeof(cpu->descr)); |
| 97 |
cp = strchr( cpu->descr, '\n' ); |
| 98 |
*cp = 0; |
| 99 |
} |
| 100 |
--- agent/mibgroup/hardware/cpu/cpu_pcp.c |
| 101 |
+++ agent/mibgroup/hardware/cpu/cpu_pcp.c |
| 102 |
@@ -120,7 +120,7 @@ void init_cpu_pcp( void ) { |
| 103 |
for (i=0; i<cpu_num ; i++) { |
| 104 |
cpu = netsnmp_cpu_get_byIdx( i, 1 ); |
| 105 |
sprintf(tstr, "cpu%d",i); |
| 106 |
- strcpy(cpu->name, tstr); |
| 107 |
+ strlcpy(cpu->name, tstr, sizeof(cpu->name)); |
| 108 |
strcpy(cpu->descr, "An electronic chip that makes the computer work"); |
| 109 |
} |
| 110 |
} |
| 111 |
--- agent/mibgroup/hardware/cpu/cpu_sysinfo.c |
| 112 |
+++ agent/mibgroup/hardware/cpu/cpu_sysinfo.c |
| 113 |
@@ -66,7 +66,7 @@ void init_cpu_sysinfo( void ) |
| 114 |
{ |
| 115 |
cpu = netsnmp_cpu_get_byIdx(i, 1); |
| 116 |
sprintf(tstr, "cpu%d",i); |
| 117 |
- strcpy(cpu->name, tstr); |
| 118 |
+ strlcpy(cpu->name, tstr, sizeof(cpu->name)); |
| 119 |
strcpy(cpu->descr, "Central Processing Unit"); |
| 120 |
} |
| 121 |
} |
| 122 |
--- agent/mibgroup/hardware/sensors/hw_sensors.c |
| 123 |
+++ agent/mibgroup/hardware/sensors/hw_sensors.c |
| 124 |
@@ -168,7 +168,7 @@ sensor_by_name( const char *name, int create_type ) |
| 125 |
free(sp); |
| 126 |
return NULL; |
| 127 |
} |
| 128 |
- strcpy( sp->name, name ); |
| 129 |
+ strlcpy(sp->name, name, sizeof(sp->name)); |
| 130 |
sp->type = create_type; |
| 131 |
/* |
| 132 |
* Set up the index value. |
| 133 |
--- agent/mibgroup/host/hr_disk.c |
| 134 |
+++ agent/mibgroup/host/hr_disk.c |
| 135 |
@@ -407,7 +407,7 @@ parse_disk_config(const char *token, char *cptr) |
| 136 |
*p != '\0' && *p != '?' && *p != '*' && *p != '['; p++); |
| 137 |
c = *p; |
| 138 |
*p = '\0'; |
| 139 |
- d_str = (char *) malloc(strlen(name) + 1); |
| 140 |
+ d_str = strdup(name); |
| 141 |
if (!d_str) { |
| 142 |
SNMP_FREE(d_new); |
| 143 |
SNMP_FREE(d_str); |
| 144 |
@@ -416,7 +416,6 @@ parse_disk_config(const char *token, char *cptr) |
| 145 |
config_perror("Out of memory"); |
| 146 |
return; |
| 147 |
} |
| 148 |
- strcpy(d_str, name); |
| 149 |
*p = c; |
| 150 |
di_curr->item_type = ITEM_STRING; |
| 151 |
di_curr->item_details = (void *) d_str; |
| 152 |
--- agent/mibgroup/host/hr_network.c |
| 153 |
+++ agent/mibgroup/host/hr_network.c |
| 154 |
@@ -257,7 +257,7 @@ int HRN_index; |
| 155 |
void |
| 156 |
Save_HR_Network_Info(void) |
| 157 |
{ |
| 158 |
- strcpy(HRN_savedName, HRN_name); |
| 159 |
+ strlcpy(HRN_savedName, HRN_name, sizeof(HRN_savedName)); |
| 160 |
#if defined( USING_IF_MIB_IFTABLE_IFTABLE_DATA_ACCESS_MODULE ) |
| 161 |
HRN_savedFlags = HRN_ifnet->os_flags; |
| 162 |
HRN_savedErrors = HRN_ifnet->stats.ierrors + HRN_ifnet->stats.oerrors; |
| 163 |
--- agent/mibgroup/host/hr_swrun.c |
| 164 |
+++ agent/mibgroup/host/hr_swrun.c |
| 165 |
@@ -698,13 +698,13 @@ var_hrswrun(struct variable * vp, |
| 166 |
*cp = '\0'; |
| 167 |
#elif HAVE_KVM_GETPROCS |
| 168 |
#if defined(freebsd5) && __FreeBSD_version >= 500014 |
| 169 |
- strcpy(string, proc_table[LowProcIndex].ki_comm); |
| 170 |
+ strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); |
| 171 |
#elif defined(dragonfly) && __DragonFly_version >= 190000 |
| 172 |
- strcpy(string, proc_table[LowProcIndex].kp_comm); |
| 173 |
+ strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); |
| 174 |
#elif defined(openbsd5) |
| 175 |
- strcpy(string, proc_table[LowProcIndex].p_comm); |
| 176 |
+ strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); |
| 177 |
#else |
| 178 |
- strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); |
| 179 |
+ strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); |
| 180 |
#endif |
| 181 |
#elif defined(linux) |
| 182 |
if( (cp=get_proc_name_from_status(pid,buf,sizeof(buf))) == NULL ) { |
| 183 |
@@ -712,7 +712,7 @@ var_hrswrun(struct variable * vp, |
| 184 |
*var_len = strlen(string); |
| 185 |
return (u_char *) string; |
| 186 |
} |
| 187 |
- strcpy(string, cp); |
| 188 |
+ strlcpy(string, cp, sizeof(string)); |
| 189 |
#elif defined(cygwin) |
| 190 |
/* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ |
| 191 |
if (lowproc.process_state & PID_EXITED || (lowproc.exitcode & ~0xffff)) |
| 192 |
@@ -721,7 +721,7 @@ var_hrswrun(struct variable * vp, |
| 193 |
cygwin_conv_to_posix_path(lowproc.progname, string); |
| 194 |
cp = strrchr(string, '/'); |
| 195 |
if (cp) |
| 196 |
- strcpy(string, cp + 1); |
| 197 |
+ strlcpy(string, cp + 1, sizeof(string)); |
| 198 |
} else if (query == CW_GETPINFO_FULL) { |
| 199 |
DWORD n = lowproc.dwProcessId & 0xffff; |
| 200 |
HANDLE h = |
| 201 |
@@ -739,7 +739,7 @@ var_hrswrun(struct variable * vp, |
| 202 |
sizeof string)) { |
| 203 |
cp = strrchr(string, '\\'); |
| 204 |
if (cp) |
| 205 |
- strcpy(string, cp + 1); |
| 206 |
+ strlcpy(string, cp + 1, sizeof(string)); |
| 207 |
} else |
| 208 |
strcpy(string, "*** unknown"); |
| 209 |
CloseHandle(h); |
| 210 |
@@ -795,7 +795,7 @@ var_hrswrun(struct variable * vp, |
| 211 |
#elif defined(solaris2) |
| 212 |
#ifdef _SLASH_PROC_METHOD_ |
| 213 |
if (proc_buf) |
| 214 |
- strcpy(string, proc_buf->pr_psargs); |
| 215 |
+ strlcpy(string, proc_buf->pr_psargs, sizeof(string)); |
| 216 |
else |
| 217 |
sprintf(string, "<exited>"); |
| 218 |
cp = strchr(string, ' '); |
| 219 |
@@ -821,18 +821,18 @@ var_hrswrun(struct variable * vp, |
| 220 |
*cp = '\0'; |
| 221 |
#elif HAVE_KVM_GETPROCS |
| 222 |
#if defined(freebsd5) && __FreeBSD_version >= 500014 |
| 223 |
- strcpy(string, proc_table[LowProcIndex].ki_comm); |
| 224 |
+ strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); |
| 225 |
#elif defined(dragonfly) && __DragonFly_version >= 190000 |
| 226 |
- strcpy(string, proc_table[LowProcIndex].kp_comm); |
| 227 |
+ strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); |
| 228 |
#elif defined(openbsd5) |
| 229 |
- strcpy(string, proc_table[LowProcIndex].p_comm); |
| 230 |
+ strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); |
| 231 |
#else |
| 232 |
- strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); |
| 233 |
+ strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); |
| 234 |
#endif |
| 235 |
#elif defined(linux) |
| 236 |
cp = get_proc_name_from_cmdline(pid,buf,sizeof(buf)-1); |
| 237 |
if (cp != NULL && *cp) /* argv[0] '\0' argv[1] '\0' .... */ |
| 238 |
- strcpy(string, cp); |
| 239 |
+ strlcpy(string, cp, sizeof(string)); |
| 240 |
else { |
| 241 |
/* |
| 242 |
* swapped out - no cmdline |
| 243 |
@@ -842,7 +842,7 @@ var_hrswrun(struct variable * vp, |
| 244 |
*var_len = strlen(string); |
| 245 |
return (u_char *) string; |
| 246 |
} |
| 247 |
- strcpy(string, cp); |
| 248 |
+ strlcpy(string, cp, sizeof(string)); |
| 249 |
} |
| 250 |
#elif defined(cygwin) |
| 251 |
/* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ |
| 252 |
@@ -900,7 +900,7 @@ var_hrswrun(struct variable * vp, |
| 253 |
if (proc_buf) { |
| 254 |
cp = strchr(proc_buf->pr_psargs, ' '); |
| 255 |
if (cp) |
| 256 |
- strcpy(string, cp + 1); |
| 257 |
+ strlcpy(string, cp + 1, sizeof(string)); |
| 258 |
else |
| 259 |
string[0] = 0; |
| 260 |
} else |
| 261 |
@@ -911,7 +911,7 @@ var_hrswrun(struct variable * vp, |
| 262 |
cp++; |
| 263 |
if (*cp == ' ') |
| 264 |
cp++; |
| 265 |
- strcpy(string, cp); |
| 266 |
+ strlcpy(string, cp, sizeof(string)); |
| 267 |
#endif |
| 268 |
#elif defined(aix4) || defined(aix5) || defined(aix6) || defined(aix7) |
| 269 |
cp = strchr(proc_table[LowProcIndex].pi_comm, ' '); |
| 270 |
@@ -972,7 +972,7 @@ var_hrswrun(struct variable * vp, |
| 271 |
while (*cp) |
| 272 |
++cp; |
| 273 |
++cp; |
| 274 |
- strcpy(string, cp); |
| 275 |
+ strlcpy(string, cp, sizeof(string)); |
| 276 |
#elif defined(cygwin) |
| 277 |
string[0] = 0; |
| 278 |
#else |
| 279 |
--- agent/mibgroup/mibII/mta_sendmail.c |
| 280 |
+++ agent/mibgroup/mibII/mta_sendmail.c |
| 281 |
@@ -586,7 +586,7 @@ add_queuegroup(const char *name, char *path) |
| 282 |
*/ |
| 283 |
*p = '\0'; |
| 284 |
|
| 285 |
- strcpy(parentdir, path); |
| 286 |
+ strlcpy(parentdir, path, sizeof(parentdir)); |
| 287 |
/* |
| 288 |
* remove last directory component from parentdir |
| 289 |
*/ |
| 290 |
@@ -877,7 +877,7 @@ read_sendmailcf(BOOL config) |
| 291 |
linenr, sendmailcf_fn); |
| 292 |
break; |
| 293 |
} |
| 294 |
- strcpy(sendmailst_fn, line + 2); |
| 295 |
+ strlcpy(sendmailst_fn, line + 2, sizeof(sendmailst_fn)); |
| 296 |
found_sendmailst = TRUE; |
| 297 |
DEBUGMSGTL(("mibII/mta_sendmail.c:read_sendmailcf", |
| 298 |
"found statatistics file \"%s\"\n", |
| 299 |
--- agent/mibgroup/mibII/system_mib.c |
| 300 |
+++ agent/mibgroup/mibII/system_mib.c |
| 301 |
@@ -309,7 +309,7 @@ init_system_mib(void) |
| 302 |
if (RegQueryValueEx(hKey, "RegisteredOwner", NULL, NULL, |
| 303 |
(LPBYTE)registeredOwner, |
| 304 |
®isteredOwnerSz) == ERROR_SUCCESS) { |
| 305 |
- strcpy(sysContact, registeredOwner); |
| 306 |
+ strlcpy(sysContact, registeredOwner, sizeof(sysContact)); |
| 307 |
} |
| 308 |
RegCloseKey(hKey); |
| 309 |
} |
| 310 |
--- agent/mibgroup/mibII/vacm_conf.c |
| 311 |
+++ agent/mibgroup/mibII/vacm_conf.c |
| 312 |
@@ -480,7 +480,7 @@ vacm_parse_authaccess(const char *token, char *confline) |
| 313 |
|
| 314 |
for (i = 0; i <= VACM_MAX_VIEWS; i++) { |
| 315 |
if (viewtypes & (1 << i)) { |
| 316 |
- strcpy(ap->views[i], view); |
| 317 |
+ strlcpy(ap->views[i], view, sizeof(ap->views[i])); |
| 318 |
} |
| 319 |
} |
| 320 |
ap->contextMatch = prefix; |
| 321 |
@@ -542,7 +542,7 @@ vacm_parse_setaccess(const char *token, char *param) |
| 322 |
return; |
| 323 |
} |
| 324 |
|
| 325 |
- strcpy(ap->views[viewnum], viewval); |
| 326 |
+ strlcpy(ap->views[viewnum], viewval, sizeof(ap->views[viewnum])); |
| 327 |
ap->contextMatch = iprefix; |
| 328 |
ap->storageType = SNMP_STORAGE_PERMANENT; |
| 329 |
ap->status = SNMP_ROW_ACTIVE; |
| 330 |
@@ -598,9 +598,12 @@ vacm_parse_access(const char *token, char *param) |
| 331 |
config_perror("failed to create access entry"); |
| 332 |
return; |
| 333 |
} |
| 334 |
- strcpy(ap->views[VACM_VIEW_READ], readView); |
| 335 |
- strcpy(ap->views[VACM_VIEW_WRITE], writeView); |
| 336 |
- strcpy(ap->views[VACM_VIEW_NOTIFY], notify); |
| 337 |
+ strlcpy(ap->views[VACM_VIEW_READ], readView, |
| 338 |
+ sizeof(ap->views[VACM_VIEW_READ])); |
| 339 |
+ strlcpy(ap->views[VACM_VIEW_WRITE], writeView, |
| 340 |
+ sizeof(ap->views[VACM_VIEW_WRITE])); |
| 341 |
+ strlcpy(ap->views[VACM_VIEW_NOTIFY], notify, |
| 342 |
+ sizeof(ap->views[VACM_VIEW_NOTIFY])); |
| 343 |
ap->contextMatch = iprefix; |
| 344 |
ap->storageType = SNMP_STORAGE_PERMANENT; |
| 345 |
ap->status = SNMP_ROW_ACTIVE; |
| 346 |
--- agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c |
| 347 |
+++ agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c |
| 348 |
@@ -12,6 +12,38 @@ |
| 349 |
|
| 350 |
static DH *dh_params = NULL; |
| 351 |
|
| 352 |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| 353 |
+static int |
| 354 |
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| 355 |
+{ |
| 356 |
+ /* If the fields p and g in d are NULL, the corresponding input |
| 357 |
+ * parameters MUST be non-NULL. q may remain NULL. |
| 358 |
+ */ |
| 359 |
+ if ((dh->p == NULL && p == NULL) |
| 360 |
+ || (dh->g == NULL && g == NULL)) |
| 361 |
+ return 0; |
| 362 |
+ |
| 363 |
+ if (p != NULL) { |
| 364 |
+ BN_free(dh->p); |
| 365 |
+ dh->p = p; |
| 366 |
+ } |
| 367 |
+ if (q != NULL) { |
| 368 |
+ BN_free(dh->q); |
| 369 |
+ dh->q = q; |
| 370 |
+ } |
| 371 |
+ if (g != NULL) { |
| 372 |
+ BN_free(dh->g); |
| 373 |
+ dh->g = g; |
| 374 |
+ } |
| 375 |
+ |
| 376 |
+ if (q != NULL) { |
| 377 |
+ dh->length = BN_num_bits(q); |
| 378 |
+ } |
| 379 |
+ |
| 380 |
+ return 1; |
| 381 |
+} |
| 382 |
+#endif |
| 383 |
+ |
| 384 |
DH * |
| 385 |
get_dh_params(void) |
| 386 |
{ |
| 387 |
@@ -22,6 +54,7 @@ get_dh_params(void) |
| 388 |
void |
| 389 |
init_usmDHParameters(void) |
| 390 |
{ |
| 391 |
+ BIGNUM *p, *g; |
| 392 |
static oid usmDHParameters_oid[] = |
| 393 |
{ 1, 3, 6, 1, 3, 101, 1, 1, 1 }; |
| 394 |
|
| 395 |
@@ -38,9 +71,9 @@ init_usmDHParameters(void) |
| 396 |
management apps though */ |
| 397 |
if (!dh_params) { |
| 398 |
dh_params = DH_new(); |
| 399 |
- dh_params->g = BN_new(); |
| 400 |
- BN_hex2bn(&dh_params->g, "02"); |
| 401 |
- BN_hex2bn(&dh_params->p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); |
| 402 |
+ BN_hex2bn(&g, "02"); |
| 403 |
+ BN_hex2bn(&p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); |
| 404 |
+ DH_set0_pqg(dh_params, p, NULL, g); |
| 405 |
} |
| 406 |
} |
| 407 |
|
| 408 |
--- agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c |
| 409 |
+++ agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c |
| 410 |
@@ -20,10 +20,64 @@ |
| 411 |
#include "usmDHUserKeyTable.h" |
| 412 |
#include "snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.h" |
| 413 |
|
| 414 |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| 415 |
+static int |
| 416 |
+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| 417 |
+{ |
| 418 |
+ /* If the fields p and g in d are NULL, the corresponding input |
| 419 |
+ * parameters MUST be non-NULL. q may remain NULL. |
| 420 |
+ */ |
| 421 |
+ if ((dh->p == NULL && p == NULL) |
| 422 |
+ || (dh->g == NULL && g == NULL)) |
| 423 |
+ return 0; |
| 424 |
+ |
| 425 |
+ if (p != NULL) { |
| 426 |
+ BN_free(dh->p); |
| 427 |
+ dh->p = p; |
| 428 |
+ } |
| 429 |
+ if (q != NULL) { |
| 430 |
+ BN_free(dh->q); |
| 431 |
+ dh->q = q; |
| 432 |
+ } |
| 433 |
+ if (g != NULL) { |
| 434 |
+ BN_free(dh->g); |
| 435 |
+ dh->g = g; |
| 436 |
+ } |
| 437 |
+ |
| 438 |
+ if (q != NULL) { |
| 439 |
+ dh->length = BN_num_bits(q); |
| 440 |
+ } |
| 441 |
+ |
| 442 |
+ return 1; |
| 443 |
+} |
| 444 |
+ |
| 445 |
+static void |
| 446 |
+DH_get0_pqg(const DH *dh, |
| 447 |
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| 448 |
+{ |
| 449 |
+ if (p != NULL) |
| 450 |
+ *p = dh->p; |
| 451 |
+ if (q != NULL) |
| 452 |
+ *q = dh->q; |
| 453 |
+ if (g != NULL) |
| 454 |
+ *g = dh->g; |
| 455 |
+} |
| 456 |
+ |
| 457 |
+static void |
| 458 |
+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) |
| 459 |
+{ |
| 460 |
+ if (pub_key != NULL) |
| 461 |
+ *pub_key = dh->pub_key; |
| 462 |
+ if (priv_key != NULL) |
| 463 |
+ *priv_key = dh->priv_key; |
| 464 |
+} |
| 465 |
+#endif |
| 466 |
+ |
| 467 |
DH * |
| 468 |
usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) |
| 469 |
{ |
| 470 |
DH *dh, *dh_params; |
| 471 |
+ const BIGNUM *g, *p; |
| 472 |
void **theptr; |
| 473 |
|
| 474 |
if (user == NULL) |
| 475 |
@@ -44,9 +98,10 @@ usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) |
| 476 |
dh_params = get_dh_params(); |
| 477 |
if (!dh_params) |
| 478 |
return NULL; |
| 479 |
- dh->g = BN_dup(dh_params->g); |
| 480 |
- dh->p = BN_dup(dh_params->p); |
| 481 |
- if (!dh->g || !dh->p) |
| 482 |
+ DH_get0_pqg(dh_params, &p, NULL, &g); |
| 483 |
+ DH_set0_pqg(dh, BN_dup(p), NULL, BN_dup(g)); |
| 484 |
+ DH_get0_pqg(dh, &p, NULL, &g); |
| 485 |
+ if (!g || !p) |
| 486 |
return NULL; |
| 487 |
DH_generate_key(dh); |
| 488 |
*theptr = dh; |
| 489 |
@@ -61,6 +116,7 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, |
| 490 |
u_char **keyobj, size_t *keyobj_len) |
| 491 |
{ |
| 492 |
DH *dh; |
| 493 |
+ const BIGNUM *pub_key; |
| 494 |
|
| 495 |
dh = usmDHGetUserDHptr(user, for_auth_key); |
| 496 |
|
| 497 |
@@ -70,9 +126,10 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, |
| 498 |
return MFD_ERROR; |
| 499 |
} |
| 500 |
|
| 501 |
- *keyobj_len = BN_num_bytes(dh->pub_key); |
| 502 |
+ DH_get0_key(dh, &pub_key, NULL); |
| 503 |
+ *keyobj_len = BN_num_bytes(pub_key); |
| 504 |
*keyobj = malloc(*keyobj_len); |
| 505 |
- BN_bn2bin(dh->pub_key, *keyobj); |
| 506 |
+ BN_bn2bin(pub_key, *keyobj); |
| 507 |
|
| 508 |
return MFD_SUCCESS; |
| 509 |
} |
| 510 |
--- agent/mibgroup/target/snmpTargetParamsEntry.c |
| 511 |
+++ agent/mibgroup/target/snmpTargetParamsEntry.c |
| 512 |
@@ -686,8 +686,7 @@ var_snmpTargetParamsEntry(struct variable * vp, |
| 513 |
/* |
| 514 |
* including null character. |
| 515 |
*/ |
| 516 |
- memcpy(string, temp_struct->secName, strlen(temp_struct->secName)); |
| 517 |
- string[strlen(temp_struct->secName)] = '\0'; |
| 518 |
+ strlcpy((char *)string, temp_struct->secName, sizeof(string)); |
| 519 |
*var_len = strlen(temp_struct->secName); |
| 520 |
return (unsigned char *) string; |
| 521 |
|
| 522 |
--- agent/mibgroup/ucd-snmp/logmatch.c |
| 523 |
+++ agent/mibgroup/ucd-snmp/logmatch.c |
| 524 |
@@ -393,8 +393,9 @@ logmatch_parse_config(const char *token, char *cptr) |
| 525 |
logmatchTable[logmatchCount].regEx); |
| 526 |
|
| 527 |
/* fill in filename with initial data */ |
| 528 |
- strcpy(logmatchTable[logmatchCount].filename, |
| 529 |
- logmatchTable[logmatchCount].filenamePattern); |
| 530 |
+ strlcpy(logmatchTable[logmatchCount].filename, |
| 531 |
+ logmatchTable[logmatchCount].filenamePattern, |
| 532 |
+ sizeof(logmatchTable[logmatchCount].filename)); |
| 533 |
logmatch_update_filename(logmatchTable[logmatchCount].filenamePattern, |
| 534 |
logmatchTable[logmatchCount].filename); |
| 535 |
|
| 536 |
--- agent/mibgroup/ucd-snmp/proc.c |
| 537 |
+++ agent/mibgroup/ucd-snmp/proc.c |
| 538 |
@@ -168,7 +168,7 @@ procfix_parse_config(const char *token, char *cptr) |
| 539 |
return; |
| 540 |
} |
| 541 |
|
| 542 |
- strcpy(procp->fixcmd, cptr); |
| 543 |
+ strlcpy(procp->fixcmd, cptr, sizeof(procp->fixcmd)); |
| 544 |
} |
| 545 |
|
| 546 |
|
| 547 |
--- agent/mibgroup/util_funcs.c |
| 548 |
+++ agent/mibgroup/util_funcs.c |
| 549 |
@@ -258,7 +258,7 @@ get_exec_output(struct extensible *ex) |
| 550 |
curtime = time(NULL); |
| 551 |
if (curtime > (cachetime + NETSNMP_EXCACHETIME) || |
| 552 |
strcmp(ex->command, lastcmd) != 0) { |
| 553 |
- strcpy(lastcmd, ex->command); |
| 554 |
+ strlcpy(lastcmd, ex->command, sizeof(lastcmd)); |
| 555 |
cachetime = curtime; |
| 556 |
#endif |
| 557 |
|
| 558 |
--- agent/mibgroup/util_funcs/get_pid_from_inode.c |
| 559 |
+++ agent/mibgroup/util_funcs/get_pid_from_inode.c |
| 560 |
@@ -2,6 +2,7 @@ |
| 561 |
|
| 562 |
#include "get_pid_from_inode.h" |
| 563 |
|
| 564 |
+#include <net-snmp/library/system.h> /* strlcpy() */ |
| 565 |
#include <net-snmp/output_api.h> |
| 566 |
|
| 567 |
#include <ctype.h> |
| 568 |
@@ -144,7 +145,8 @@ netsnmp_get_pid_from_inode_init(void) |
| 569 |
if (filelen + strlen(pidinfo->d_name) > PATH_MAX) |
| 570 |
continue; |
| 571 |
|
| 572 |
- strcpy(path_name + filelen, pidinfo->d_name); |
| 573 |
+ strlcpy(path_name + filelen, pidinfo->d_name, |
| 574 |
+ sizeof(path_name) - filelen); |
| 575 |
|
| 576 |
/* The file discriptor is a symbolic link to a socket or a file.*/ |
| 577 |
/* Thus read the symbolic link.*/ |
| 578 |
--- apps/snmpusm.c |
| 579 |
+++ apps/snmpusm.c |
| 580 |
@@ -125,6 +125,39 @@ char *usmUserPublic_val = NULL; |
| 581 |
int docreateandwait = 0; |
| 582 |
|
| 583 |
|
| 584 |
+#if !defined(HAVE_DH_GET0_PQG) |
| 585 |
+ |
| 586 |
+#include <string.h> |
| 587 |
+#include <openssl/dh.h> |
| 588 |
+ |
| 589 |
+void DH_get0_pqg(const DH *dh, |
| 590 |
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| 591 |
+{ |
| 592 |
+ if (p != NULL) |
| 593 |
+ *p = dh->p; |
| 594 |
+ if (q != NULL) |
| 595 |
+ *q = dh->q; |
| 596 |
+ if (g != NULL) |
| 597 |
+ *g = dh->g; |
| 598 |
+} |
| 599 |
+ |
| 600 |
+#endif |
| 601 |
+ |
| 602 |
+#if defined(HAVE_OPENSSL_DH_H) && !defined(HAVE_DH_GET0_KEY) |
| 603 |
+ |
| 604 |
+#include <string.h> |
| 605 |
+#include <openssl/dh.h> |
| 606 |
+ |
| 607 |
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) |
| 608 |
+{ |
| 609 |
+ if (pub_key != NULL) |
| 610 |
+ *pub_key = dh->pub_key; |
| 611 |
+ if (priv_key != NULL) |
| 612 |
+ *priv_key = dh->priv_key; |
| 613 |
+} |
| 614 |
+ |
| 615 |
+#endif |
| 616 |
+ |
| 617 |
void |
| 618 |
usage(void) |
| 619 |
{ |
| 620 |
@@ -190,7 +223,7 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, |
| 621 |
oid *keyoid, size_t keyoid_len) { |
| 622 |
u_char *dhkeychange; |
| 623 |
DH *dh; |
| 624 |
- BIGNUM *other_pub; |
| 625 |
+ BIGNUM *p, *g, *pub_key, *other_pub; |
| 626 |
u_char *key; |
| 627 |
size_t key_len; |
| 628 |
|
| 629 |
@@ -205,25 +238,29 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, |
| 630 |
dh = d2i_DHparams(NULL, &cp, dhvar->val_len); |
| 631 |
} |
| 632 |
|
| 633 |
- if (!dh || !dh->g || !dh->p) { |
| 634 |
+ if (dh) |
| 635 |
+ DH_get0_pqg(dh, &p, NULL, &g); |
| 636 |
+ |
| 637 |
+ if (!dh || !g || !p) { |
| 638 |
SNMP_FREE(dhkeychange); |
| 639 |
return SNMPERR_GENERR; |
| 640 |
} |
| 641 |
|
| 642 |
- DH_generate_key(dh); |
| 643 |
- if (!dh->pub_key) { |
| 644 |
+ if (!DH_generate_key(dh)) { |
| 645 |
SNMP_FREE(dhkeychange); |
| 646 |
return SNMPERR_GENERR; |
| 647 |
} |
| 648 |
|
| 649 |
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { |
| 650 |
+ DH_get0_key(dh, &pub_key, NULL); |
| 651 |
+ |
| 652 |
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { |
| 653 |
SNMP_FREE(dhkeychange); |
| 654 |
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", |
| 655 |
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); |
| 656 |
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); |
| 657 |
return SNMPERR_GENERR; |
| 658 |
} |
| 659 |
|
| 660 |
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); |
| 661 |
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len); |
| 662 |
|
| 663 |
key_len = DH_size(dh); |
| 664 |
if (!key_len) { |
| 665 |
--- configure |
| 666 |
+++ configure |
| 667 |
@@ -23186,13 +23186,76 @@ eval ac_res=\$$as_ac_Lib |
| 668 |
$as_echo "$ac_res" >&6; } |
| 669 |
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : |
| 670 |
|
| 671 |
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h |
| 672 |
+$as_echo "#define HAVE_EVP_MD_CTX_CREATE 1" >>confdefs.h |
| 673 |
|
| 674 |
|
| 675 |
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h |
| 676 |
+$as_echo "#define HAVE_EVP_MD_CTX_DESTROY 1" >>confdefs.h |
| 677 |
|
| 678 |
fi |
| 679 |
|
| 680 |
+ |
| 681 |
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` |
| 682 |
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 |
| 683 |
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } |
| 684 |
+if eval \${$as_ac_Lib+:} false; then : |
| 685 |
+ $as_echo_n "(cached) " >&6 |
| 686 |
+else |
| 687 |
+ ac_check_lib_save_LIBS=$LIBS |
| 688 |
+LIBS="-l${CRYPTO} $LIBS" |
| 689 |
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| 690 |
+/* end confdefs.h. */ |
| 691 |
+ |
| 692 |
+/* Override any GCC internal prototype to avoid an error. |
| 693 |
+ Use char because int might match the return type of a GCC |
| 694 |
+ builtin and then its argument prototype would still apply. */ |
| 695 |
+#ifdef __cplusplus |
| 696 |
+extern "C" |
| 697 |
+#endif |
| 698 |
+char EVP_MD_CTX_new (); |
| 699 |
+int |
| 700 |
+main () |
| 701 |
+{ |
| 702 |
+return EVP_MD_CTX_new (); |
| 703 |
+ ; |
| 704 |
+ return 0; |
| 705 |
+} |
| 706 |
+_ACEOF |
| 707 |
+if ac_fn_c_try_link "$LINENO"; then : |
| 708 |
+ eval "$as_ac_Lib=yes" |
| 709 |
+else |
| 710 |
+ eval "$as_ac_Lib=no" |
| 711 |
+fi |
| 712 |
+rm -f core conftest.err conftest.$ac_objext \ |
| 713 |
+ conftest$ac_exeext conftest.$ac_ext |
| 714 |
+LIBS=$ac_check_lib_save_LIBS |
| 715 |
+fi |
| 716 |
+eval ac_res=\$$as_ac_Lib |
| 717 |
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 |
| 718 |
+$as_echo "$ac_res" >&6; } |
| 719 |
+if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : |
| 720 |
+ |
| 721 |
+$as_echo "#define HAVE_EVP_MD_CTX_NEW 1" >>confdefs.h |
| 722 |
+ |
| 723 |
+ |
| 724 |
+$as_echo "#define HAVE_EVP_MD_CTX_FREE 1" >>confdefs.h |
| 725 |
+ |
| 726 |
+fi |
| 727 |
+ |
| 728 |
+ save_LIBS=$LIBS |
| 729 |
+ LIBS="$LIBS -l${CRYPTO}" |
| 730 |
+ for ac_func in DH_get0_pqg DH_get0_key X509_NAME_ENTRY_get_data X509_NAME_ENTRY_get_object X509_get_signature_nid |
| 731 |
+do : |
| 732 |
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` |
| 733 |
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" |
| 734 |
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then : |
| 735 |
+ cat >>confdefs.h <<_ACEOF |
| 736 |
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 |
| 737 |
+_ACEOF |
| 738 |
+ |
| 739 |
+fi |
| 740 |
+done |
| 741 |
+ |
| 742 |
+ LIBS=$save_LIBS |
| 743 |
fi |
| 744 |
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then |
| 745 |
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DTLSv1_method in -lssl" >&5 |
| 746 |
@@ -23249,7 +23312,7 @@ if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : |
| 747 |
$as_echo_n "(cached) " >&6 |
| 748 |
else |
| 749 |
ac_check_lib_save_LIBS=$LIBS |
| 750 |
-LIBS="-lssl -lcrypto $LIBS" |
| 751 |
+LIBS="-lssl $LIBS" |
| 752 |
cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| 753 |
/* end confdefs.h. */ |
| 754 |
|
| 755 |
@@ -23283,11 +23346,55 @@ if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then : |
| 756 |
|
| 757 |
$as_echo "#define HAVE_LIBSSL 1" >>confdefs.h |
| 758 |
|
| 759 |
+fi |
| 760 |
+ |
| 761 |
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5 |
| 762 |
+$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; } |
| 763 |
+if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then : |
| 764 |
+ $as_echo_n "(cached) " >&6 |
| 765 |
+else |
| 766 |
+ ac_check_lib_save_LIBS=$LIBS |
| 767 |
+LIBS="-lssl $LIBS" |
| 768 |
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| 769 |
+/* end confdefs.h. */ |
| 770 |
+ |
| 771 |
+/* Override any GCC internal prototype to avoid an error. |
| 772 |
+ Use char because int might match the return type of a GCC |
| 773 |
+ builtin and then its argument prototype would still apply. */ |
| 774 |
+#ifdef __cplusplus |
| 775 |
+extern "C" |
| 776 |
+#endif |
| 777 |
+char OPENSSL_init_ssl (); |
| 778 |
+int |
| 779 |
+main () |
| 780 |
+{ |
| 781 |
+return OPENSSL_init_ssl (); |
| 782 |
+ ; |
| 783 |
+ return 0; |
| 784 |
+} |
| 785 |
+_ACEOF |
| 786 |
+if ac_fn_c_try_link "$LINENO"; then : |
| 787 |
+ ac_cv_lib_ssl_OPENSSL_init_ssl=yes |
| 788 |
+else |
| 789 |
+ ac_cv_lib_ssl_OPENSSL_init_ssl=no |
| 790 |
+fi |
| 791 |
+rm -f core conftest.err conftest.$ac_objext \ |
| 792 |
+ conftest$ac_exeext conftest.$ac_ext |
| 793 |
+LIBS=$ac_check_lib_save_LIBS |
| 794 |
+fi |
| 795 |
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5 |
| 796 |
+$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } |
| 797 |
+if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then : |
| 798 |
+ |
| 799 |
+$as_echo "#define HAVE_LIBSSL 1" >>confdefs.h |
| 800 |
+ |
| 801 |
+fi |
| 802 |
+ |
| 803 |
+ if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then |
| 804 |
LIBCRYPTO=" -lssl $LIBCRYPTO" |
| 805 |
else |
| 806 |
as_fn_error $? "The DTLS based transports require the libssl library from OpenSSL to be available" "$LINENO" 5 |
| 807 |
fi |
| 808 |
- |
| 809 |
TLSPROG=yes |
| 810 |
fi |
| 811 |
if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then |
| 812 |
--- configure.d/config_os_libs2 |
| 813 |
+++ configure.d/config_os_libs2 |
| 814 |
@@ -293,10 +293,23 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then |
| 815 |
[Define to 1 if you have the `AES_cfb128_encrypt' function.])) |
| 816 |
|
| 817 |
AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, |
| 818 |
- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], |
| 819 |
+ AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1], |
| 820 |
[Define to 1 if you have the `EVP_MD_CTX_create' function.]) |
| 821 |
- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], |
| 822 |
+ AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1], |
| 823 |
[Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) |
| 824 |
+ |
| 825 |
+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, |
| 826 |
+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], |
| 827 |
+ [Define to 1 if you have the `EVP_MD_CTX_new' function.]) |
| 828 |
+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], |
| 829 |
+ [Define to 1 if you have the `EVP_MD_CTX_free' function.])) |
| 830 |
+ save_LIBS=$LIBS |
| 831 |
+ LIBS="$LIBS -l${CRYPTO}" |
| 832 |
+ AC_CHECK_FUNCS([DH_get0_pqg DH_get0_key ] dnl |
| 833 |
+ [X509_NAME_ENTRY_get_data ] dnl |
| 834 |
+ [X509_NAME_ENTRY_get_object] dnl |
| 835 |
+ [X509_get_signature_nid]) |
| 836 |
+ LIBS=$save_LIBS |
| 837 |
fi |
| 838 |
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then |
| 839 |
AC_CHECK_LIB(ssl, DTLSv1_method, |
| 840 |
@@ -309,9 +322,15 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then |
| 841 |
if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then |
| 842 |
AC_CHECK_LIB(ssl, SSL_library_init, |
| 843 |
AC_DEFINE(HAVE_LIBSSL, 1, |
| 844 |
- [Define to 1 if you have the `ssl' library (-lssl).]) |
| 845 |
- LIBCRYPTO=" -lssl $LIBCRYPTO", |
| 846 |
- AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) ,-lcrypto) |
| 847 |
+ [Define to 1 if you have the `ssl' library (-lssl).])) |
| 848 |
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, |
| 849 |
+ AC_DEFINE(HAVE_LIBSSL, 1, |
| 850 |
+ [Define to 1 if you have the `ssl' library (-lssl).])) |
| 851 |
+ if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then |
| 852 |
+ LIBCRYPTO=" -lssl $LIBCRYPTO" |
| 853 |
+ else |
| 854 |
+ AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) |
| 855 |
+ fi |
| 856 |
TLSPROG=yes |
| 857 |
fi |
| 858 |
if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then |
| 859 |
--- include/net-snmp/net-snmp-config.h.in |
| 860 |
+++ include/net-snmp/net-snmp-config.h.in |
| 861 |
@@ -124,6 +124,12 @@ |
| 862 |
/* define if you have devstat_getdevs() */ |
| 863 |
#undef HAVE_DEVSTAT_GETDEVS |
| 864 |
|
| 865 |
+/* Define to 1 if you have the `DH_get0_key' function. */ |
| 866 |
+#undef HAVE_DH_GET0_KEY |
| 867 |
+ |
| 868 |
+/* Define to 1 if you have the `DH_get0_pqg' function. */ |
| 869 |
+#undef HAVE_DH_GET0_PQG |
| 870 |
+ |
| 871 |
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. |
| 872 |
*/ |
| 873 |
#undef HAVE_DIRENT_H |
| 874 |
@@ -155,6 +161,12 @@ |
| 875 |
/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ |
| 876 |
#undef HAVE_EVP_MD_CTX_DESTROY |
| 877 |
|
| 878 |
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ |
| 879 |
+#undef HAVE_EVP_MD_CTX_FREE |
| 880 |
+ |
| 881 |
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ |
| 882 |
+#undef HAVE_EVP_MD_CTX_NEW |
| 883 |
+ |
| 884 |
/* Define if you have EVP_sha224/256 in openssl */ |
| 885 |
#undef HAVE_EVP_SHA224 |
| 886 |
|
| 887 |
@@ -1298,6 +1310,15 @@ |
| 888 |
/* Define to 1 if you have the <ws2tcpip.h> header file. */ |
| 889 |
#undef HAVE_WS2TCPIP_H |
| 890 |
|
| 891 |
+/* Define to 1 if you have the `X509_get_signature_nid' function. */ |
| 892 |
+#undef HAVE_X509_GET_SIGNATURE_NID |
| 893 |
+ |
| 894 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ |
| 895 |
+#undef HAVE_X509_NAME_ENTRY_GET_DATA |
| 896 |
+ |
| 897 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ |
| 898 |
+#undef HAVE_X509_NAME_ENTRY_GET_OBJECT |
| 899 |
+ |
| 900 |
/* Define to 1 if you have the <xti.h> header file. */ |
| 901 |
#undef HAVE_XTI_H |
| 902 |
|
| 903 |
--- snmplib/keytools.c |
| 904 |
+++ snmplib/keytools.c |
| 905 |
@@ -149,7 +149,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, |
| 906 |
*/ |
| 907 |
#ifdef NETSNMP_USE_OPENSSL |
| 908 |
|
| 909 |
-#ifdef HAVE_EVP_MD_CTX_CREATE |
| 910 |
+#ifdef HAVE_EVP_MD_CTX_NEW |
| 911 |
+ ctx = EVP_MD_CTX_new(); |
| 912 |
+#elif HAVE_EVP_MD_CTX_CREATE |
| 913 |
ctx = EVP_MD_CTX_create(); |
| 914 |
#else |
| 915 |
ctx = malloc(sizeof(*ctx)); |
| 916 |
@@ -259,7 +261,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, |
| 917 |
memset(buf, 0, sizeof(buf)); |
| 918 |
#ifdef NETSNMP_USE_OPENSSL |
| 919 |
if (ctx) { |
| 920 |
-#ifdef HAVE_EVP_MD_CTX_DESTROY |
| 921 |
+#ifdef HAVE_EVP_MD_CTX_FREE |
| 922 |
+ EVP_MD_CTX_free(ctx); |
| 923 |
+#elif HAVE_EVP_MD_CTX_DESTROY |
| 924 |
EVP_MD_CTX_destroy(ctx); |
| 925 |
#else |
| 926 |
EVP_MD_CTX_cleanup(ctx); |
| 927 |
--- snmplib/scapi.c |
| 928 |
+++ snmplib/scapi.c |
| 929 |
@@ -486,7 +486,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, |
| 930 |
} |
| 931 |
|
| 932 |
/** initialize the pointer */ |
| 933 |
-#ifdef HAVE_EVP_MD_CTX_CREATE |
| 934 |
+#ifdef HAVE_EVP_MD_CTX_NEW |
| 935 |
+ cptr = EVP_MD_CTX_new(); |
| 936 |
+#elif HAVE_EVP_MD_CTX_CREATE |
| 937 |
cptr = EVP_MD_CTX_create(); |
| 938 |
#else |
| 939 |
cptr = malloc(sizeof(*cptr)); |
| 940 |
@@ -507,7 +509,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, |
| 941 |
/** do the final pass */ |
| 942 |
EVP_DigestFinal(cptr, MAC, &tmp_len); |
| 943 |
*MAC_len = tmp_len; |
| 944 |
-#ifdef HAVE_EVP_MD_CTX_DESTROY |
| 945 |
+#ifdef HAVE_EVP_MD_CTX_FREE |
| 946 |
+ EVP_MD_CTX_free(cptr); |
| 947 |
+#elif HAVE_EVP_MD_CTX_DESTROY |
| 948 |
EVP_MD_CTX_destroy(cptr); |
| 949 |
#else |
| 950 |
#if !defined(OLD_DES) |
| 951 |
--- snmplib/snmp_openssl.c |
| 952 |
+++ snmplib/snmp_openssl.c |
| 953 |
@@ -141,6 +141,28 @@ netsnmp_openssl_cert_get_commonName(X509 *ocert, char **buf, int *len) |
| 954 |
} |
| 955 |
|
| 956 |
#ifndef NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES |
| 957 |
+ |
| 958 |
+#ifndef HAVE_X509_NAME_ENTRY_GET_DATA |
| 959 |
+static ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) |
| 960 |
+{ |
| 961 |
+ return ne ? ne->value : NULL; |
| 962 |
+} |
| 963 |
+#endif |
| 964 |
+ |
| 965 |
+#ifndef HAVE_X509_NAME_ENTRY_GET_OBJECT |
| 966 |
+static ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) |
| 967 |
+{ |
| 968 |
+ return ne ? ne->object : NULL; |
| 969 |
+} |
| 970 |
+#endif |
| 971 |
+ |
| 972 |
+#ifndef HAVE_X509_GET_SIGNATURE_NID |
| 973 |
+static int X509_get_signature_nid(const X509 *x) |
| 974 |
+{ |
| 975 |
+ return OBJ_obj2nid(x->sig_alg->algorithm); |
| 976 |
+} |
| 977 |
+#endif |
| 978 |
+ |
| 979 |
/** netsnmp_openssl_cert_dump_name: dump subject names in cert |
| 980 |
*/ |
| 981 |
void |
| 982 |
@@ -148,6 +170,7 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) |
| 983 |
{ |
| 984 |
int i, onid; |
| 985 |
X509_NAME_ENTRY *oname_entry; |
| 986 |
+ ASN1_STRING *oname_value; |
| 987 |
X509_NAME *osubj_name; |
| 988 |
const char *prefix_short, *prefix_long; |
| 989 |
|
| 990 |
@@ -163,12 +186,13 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) |
| 991 |
for (i = 0; i < X509_NAME_entry_count(osubj_name); i++) { |
| 992 |
oname_entry = X509_NAME_get_entry(osubj_name, i); |
| 993 |
netsnmp_assert(NULL != oname_entry); |
| 994 |
+ oname_value = X509_NAME_ENTRY_get_data(oname_entry); |
| 995 |
|
| 996 |
- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) |
| 997 |
+ if (oname_value->type != V_ASN1_PRINTABLESTRING) |
| 998 |
continue; |
| 999 |
|
| 1000 |
/** get NID */ |
| 1001 |
- onid = OBJ_obj2nid(oname_entry->object); |
| 1002 |
+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); |
| 1003 |
if (onid == NID_undef) { |
| 1004 |
prefix_long = prefix_short = "UNKNOWN"; |
| 1005 |
} |
| 1006 |
@@ -179,9 +203,9 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) |
| 1007 |
|
| 1008 |
DEBUGMSGT(("9:cert:dump:names", |
| 1009 |
"[%02d] NID type %d, ASN type %d\n", i, onid, |
| 1010 |
- oname_entry->value->type)); |
| 1011 |
+ oname_value->type)); |
| 1012 |
DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, |
| 1013 |
- prefix_short, ASN1_STRING_data(oname_entry->value))); |
| 1014 |
+ prefix_short, ASN1_STRING_data(oname_value))); |
| 1015 |
} |
| 1016 |
} |
| 1017 |
#endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ |
| 1018 |
@@ -470,7 +494,7 @@ netsnmp_openssl_cert_get_hash_type(X509 *ocert) |
| 1019 |
if (NULL == ocert) |
| 1020 |
return 0; |
| 1021 |
|
| 1022 |
- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); |
| 1023 |
+ return _nid2ht(X509_get_signature_nid(ocert)); |
| 1024 |
} |
| 1025 |
|
| 1026 |
/** |
| 1027 |
@@ -487,7 +511,7 @@ netsnmp_openssl_cert_get_fingerprint(X509 *ocert, int alg) |
| 1028 |
if (NULL == ocert) |
| 1029 |
return NULL; |
| 1030 |
|
| 1031 |
- nid = OBJ_obj2nid(ocert->sig_alg->algorithm); |
| 1032 |
+ nid = X509_get_signature_nid(ocert); |
| 1033 |
DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, |
| 1034 |
_nid2ht(nid))); |
| 1035 |
|
| 1036 |
--- snmplib/vacm.c |
| 1037 |
+++ snmplib/vacm.c |
| 1038 |
@@ -54,6 +54,7 @@ |
| 1039 |
#include <net-snmp/config_api.h> |
| 1040 |
|
| 1041 |
#include <net-snmp/library/snmp_api.h> |
| 1042 |
+#include <net-snmp/library/system.h> /* strlcpy() */ |
| 1043 |
#include <net-snmp/library/tools.h> |
| 1044 |
#include <net-snmp/library/vacm.h> |
| 1045 |
|
| 1046 |
@@ -439,7 +440,7 @@ netsnmp_view_get(struct vacm_viewEntry *head, const char *viewName, |
| 1047 |
if (glen < 0 || glen > VACM_MAX_STRING) |
| 1048 |
return NULL; |
| 1049 |
view[0] = glen; |
| 1050 |
- strcpy(view + 1, viewName); |
| 1051 |
+ strlcpy(view + 1, viewName, sizeof(view) - 1); |
| 1052 |
for (vp = head; vp; vp = vp->next) { |
| 1053 |
if (!memcmp(view, vp->viewName, glen + 1) |
| 1054 |
&& viewSubtreeLen >= (vp->viewSubtreeLen - 1)) { |
| 1055 |
@@ -522,7 +523,7 @@ netsnmp_view_subtree_check(struct vacm_viewEntry *head, const char *viewName, |
| 1056 |
if (glen < 0 || glen > VACM_MAX_STRING) |
| 1057 |
return VACM_NOTINVIEW; |
| 1058 |
view[0] = glen; |
| 1059 |
- strcpy(view + 1, viewName); |
| 1060 |
+ strlcpy(view + 1, viewName, sizeof(view) - 1); |
| 1061 |
DEBUGMSGTL(("9:vacm:checkSubtree", "view %s\n", viewName)); |
| 1062 |
for (vp = head; vp; vp = vp->next) { |
| 1063 |
if (!memcmp(view, vp->viewName, glen + 1)) { |
| 1064 |
@@ -689,7 +690,7 @@ netsnmp_view_create(struct vacm_viewEntry **head, const char *viewName, |
| 1065 |
} |
| 1066 |
|
| 1067 |
vp->viewName[0] = glen; |
| 1068 |
- strcpy(vp->viewName + 1, viewName); |
| 1069 |
+ strlcpy(vp->viewName + 1, viewName, sizeof(vp->viewName) - 1); |
| 1070 |
vp->viewSubtree[0] = viewSubtreeLen; |
| 1071 |
memcpy(vp->viewSubtree + 1, viewSubtree, viewSubtreeLen * sizeof(oid)); |
| 1072 |
vp->viewSubtreeLen = viewSubtreeLen + 1; |
| 1073 |
@@ -768,7 +769,7 @@ vacm_getGroupEntry(int securityModel, const char *securityName) |
| 1074 |
if (glen < 0 || glen > VACM_MAX_STRING) |
| 1075 |
return NULL; |
| 1076 |
secname[0] = glen; |
| 1077 |
- strcpy(secname + 1, securityName); |
| 1078 |
+ strlcpy(secname + 1, securityName, sizeof(secname) - 1); |
| 1079 |
|
| 1080 |
for (vp = groupList; vp; vp = vp->next) { |
| 1081 |
if ((securityModel == vp->securityModel |
| 1082 |
@@ -817,7 +818,7 @@ vacm_createGroupEntry(int securityModel, const char *securityName) |
| 1083 |
|
| 1084 |
gp->securityModel = securityModel; |
| 1085 |
gp->securityName[0] = glen; |
| 1086 |
- strcpy(gp->securityName + 1, securityName); |
| 1087 |
+ strlcpy(gp->securityName + 1, securityName, sizeof(gp->securityName) - 1); |
| 1088 |
|
| 1089 |
lg = groupList; |
| 1090 |
og = NULL; |
| 1091 |
@@ -939,9 +940,9 @@ vacm_getAccessEntry(const char *groupName, |
| 1092 |
return NULL; |
| 1093 |
|
| 1094 |
group[0] = glen; |
| 1095 |
- strcpy(group + 1, groupName); |
| 1096 |
+ strlcpy(group + 1, groupName, sizeof(group) - 1); |
| 1097 |
context[0] = clen; |
| 1098 |
- strcpy(context + 1, contextPrefix); |
| 1099 |
+ strlcpy(context + 1, contextPrefix, sizeof(context) - 1); |
| 1100 |
for (vp = accessList; vp; vp = vp->next) { |
| 1101 |
if ((securityModel == vp->securityModel |
| 1102 |
|| vp->securityModel == SNMP_SEC_MODEL_ANY) |
| 1103 |
@@ -1006,9 +1007,10 @@ vacm_createAccessEntry(const char *groupName, |
| 1104 |
vp->securityModel = securityModel; |
| 1105 |
vp->securityLevel = securityLevel; |
| 1106 |
vp->groupName[0] = glen; |
| 1107 |
- strcpy(vp->groupName + 1, groupName); |
| 1108 |
+ strlcpy(vp->groupName + 1, groupName, sizeof(vp->groupName) - 1); |
| 1109 |
vp->contextPrefix[0] = clen; |
| 1110 |
- strcpy(vp->contextPrefix + 1, contextPrefix); |
| 1111 |
+ strlcpy(vp->contextPrefix + 1, contextPrefix, |
| 1112 |
+ sizeof(vp->contextPrefix) - 1); |
| 1113 |
|
| 1114 |
lp = accessList; |
| 1115 |
while (lp) { |
| 1116 |
--- win32/net-snmp/net-snmp-config.h |
| 1117 |
+++ win32/net-snmp/net-snmp-config.h |
| 1118 |
@@ -250,6 +250,21 @@ |
| 1119 |
/* Define to 1 if you have the <direct.h> header file. */ |
| 1120 |
#define HAVE_DIRECT_H 1 |
| 1121 |
|
| 1122 |
+/* Define to 1 if you have the `DH_get0_key' function. */ |
| 1123 |
+#define HAVE_DH_GET0_KEY 1 |
| 1124 |
+ |
| 1125 |
+/* Define to 1 if you have the `DH_get0_pqg' function. */ |
| 1126 |
+#define HAVE_DH_GET0_PQG 1 |
| 1127 |
+ |
| 1128 |
+/* Define to 1 if you have the `X509_get_signature_nid' function. */ |
| 1129 |
+#define HAVE_X509_GET_SIGNATURE_NID 1 |
| 1130 |
+ |
| 1131 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ |
| 1132 |
+#define HAVE_X509_NAME_ENTRY_GET_DATA 1 |
| 1133 |
+ |
| 1134 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ |
| 1135 |
+#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 |
| 1136 |
+ |
| 1137 |
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. |
| 1138 |
*/ |
| 1139 |
/* #undef HAVE_DIRENT_H */ |
| 1140 |
--- win32/net-snmp/net-snmp-config.h.in |
| 1141 |
+++ win32/net-snmp/net-snmp-config.h.in |
| 1142 |
@@ -250,6 +250,21 @@ |
| 1143 |
/* Define to 1 if you have the <direct.h> header file. */ |
| 1144 |
#define HAVE_DIRECT_H 1 |
| 1145 |
|
| 1146 |
+/* Define to 1 if you have the `DH_get0_key' function. */ |
| 1147 |
+#define HAVE_DH_GET0_KEY 1 |
| 1148 |
+ |
| 1149 |
+/* Define to 1 if you have the `DH_get0_pqg' function. */ |
| 1150 |
+#define HAVE_DH_GET0_PQG 1 |
| 1151 |
+ |
| 1152 |
+/* Define to 1 if you have the `X509_get_signature_nid' function. */ |
| 1153 |
+#define HAVE_X509_GET_SIGNATURE_NID 1 |
| 1154 |
+ |
| 1155 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ |
| 1156 |
+#define HAVE_X509_NAME_ENTRY_GET_DATA 1 |
| 1157 |
+ |
| 1158 |
+/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ |
| 1159 |
+#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 |
| 1160 |
+ |
| 1161 |
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. |
| 1162 |
*/ |
| 1163 |
/* #undef HAVE_DIRENT_H */ |
| 1164 |
|
| 1165 |
|
| 1166 |
|
| 1167 |
|