FreeBSD Bugzilla – Attachment 198040 Details for
Bug 228898
net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svm-diff-net-snmp-openssl
svn-diff-net-snmp (text/plain), 42.69 KB, created by
Walter Schwarzenfeld
on 2018-10-11 17:35:36 UTC
(
hide
)
Description:
svm-diff-net-snmp-openssl
Filename:
MIME Type:
Creator:
Walter Schwarzenfeld
Created:
2018-10-11 17:35:36 UTC
Size:
42.69 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 481840) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= snmp > PORTVERSION= 5.7.3 >-PORTREVISION= 19 >+PORTREVISION= 20 > CATEGORIES= net-mgmt ipv6 > MASTER_SITES= SF/net-${PORTNAME}/net-${PORTNAME}/${PORTVERSION} \ > ZI >Index: files/patch-openssl >=================================================================== >--- files/patch-openssl (nonexistent) >+++ files/patch-openssl (working copy) >@@ -0,0 +1,1167 @@ >+--- agent/mibgroup/disman/event/mteEvent.c >++++ agent/mibgroup/disman/event/mteEvent.c >+@@ -76,9 +76,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size >+ netsnmp_tdata_row *row; >+ struct mteEvent *entry; >+ >+- memset(ename, 0, sizeof(ename)); >+- ename[0] = '_'; >+- memcpy(ename+1, event, strlen(event)); >++ snprintf(ename, sizeof(ename), "_%s", event); >+ >+ row = mteEvent_createEntry( "_snmpd", ename, 1 ); >+ if (!row || !row->data) >+@@ -89,7 +87,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size >+ entry->mteNotification_len = trapOID_len; >+ memcpy( entry->mteNotification, trapOID, trapOID_len*sizeof(oid)); >+ memcpy( entry->mteNotifyOwner, "_snmpd", 6 ); >+- memcpy( entry->mteNotifyObjects, oname, strlen(oname)); >++ strlcpy(entry->mteNotifyObjects, oname, sizeof(entry->mteNotifyObjects)); >+ entry->flags |= MTE_EVENT_FLAG_ENABLED| >+ MTE_EVENT_FLAG_ACTIVE| >+ MTE_EVENT_FLAG_VALID; >+--- agent/mibgroup/disman/event/mteTriggerConf.c >++++ agent/mibgroup/disman/event/mteTriggerConf.c >+@@ -507,13 +507,12 @@ parse_mteMonitor(const char *token, const char *line) >+ memcpy(oid_name_buf, buf, SPRINT_MAX_LEN); >+ memset( buf, 0, SPRINT_MAX_LEN); >+ cp = copy_nword_const(cp, buf, SPRINT_MAX_LEN); >+- value = strtol(buf, NULL, 0); >++ value = strtol(buf, NULL, 0); >+ >+ /* >+ * ... then save the rest of the line for later. >+ */ >+- memset( buf, 0, strlen(buf)); >+- memcpy( buf, cp, strlen(cp)); >++ strlcpy(buf, cp, sizeof(buf)); >+ cp = NULL; /* To terminate the processing loop */ >+ DEBUGMSGTL(("disman:event:conf", "%s: Thresh (%s, %ld, %s)\n", >+ tname, oid_name_buf, value, buf)); >+--- agent/mibgroup/disman/schedule/schedCore.c >++++ agent/mibgroup/disman/schedule/schedCore.c >+@@ -454,6 +454,7 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) >+ { >+ struct schedTable_entry *entry; >+ netsnmp_tdata_row *row; >++ int len; >+ >+ DEBUGMSGTL(("disman:schedule:entry", "creating entry (%s, %s)\n", >+ schedOwner, schedName)); >+@@ -472,16 +473,20 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) >+ * data structure, and in the table_data helper. >+ */ >+ if (schedOwner) { >+- memcpy(entry->schedOwner, schedOwner, strlen(schedOwner)); >+- netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, >+- entry->schedOwner, strlen(schedOwner)); >++ len = strlen(schedOwner); >++ if (len > sizeof(entry->schedOwner)) >++ len = sizeof(entry->schedOwner); >++ memcpy(entry->schedOwner, schedOwner, len); >++ netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedOwner, len); >+ } >+ else >+ netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, "", 0 ); >+ >+- memcpy( entry->schedName, schedName, strlen(schedName)); >+- netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, >+- entry->schedName, strlen(schedName)); >++ len = strlen(schedName); >++ if (len > sizeof(entry->schedName)) >++ len = sizeof(entry->schedName); >++ memcpy(entry->schedName, schedName, len); >++ netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedName, len); >+ /* >+ * Set the (non-zero) default values in the row data structure. >+ */ >+--- agent/mibgroup/hardware/cpu/cpu.c >++++ agent/mibgroup/hardware/cpu/cpu.c >+@@ -148,7 +148,7 @@ netsnmp_cpu_info *netsnmp_cpu_get_byName( char *name, int create ) { >+ return NULL; >+ } >+ >+- strcpy(cpu->name, name); >++ strlcpy(cpu->name, name, sizeof(cpu)); >+ if ( _cpu_tail ) { >+ cpu->idx = _cpu_tail->idx+1; >+ _cpu_tail->next = cpu; >+--- agent/mibgroup/hardware/cpu/cpu_linux.c >++++ agent/mibgroup/hardware/cpu/cpu_linux.c >+@@ -72,7 +72,7 @@ void init_cpu_linux( void ) { >+ #ifdef DESCR_FIELD >+ if (!strncmp( buf, DESCR_FIELD, strlen(DESCR_FIELD))) { >+ cp = strchr( buf, ':' ); >+- strcpy( cpu->descr, cp+2 ); >++ strlcpy(cpu->descr, cp + 2, sizeof(cpu->descr)); >+ cp = strchr( cpu->descr, '\n' ); >+ *cp = 0; >+ } >+--- agent/mibgroup/hardware/cpu/cpu_pcp.c >++++ agent/mibgroup/hardware/cpu/cpu_pcp.c >+@@ -120,7 +120,7 @@ void init_cpu_pcp( void ) { >+ for (i=0; i<cpu_num ; i++) { >+ cpu = netsnmp_cpu_get_byIdx( i, 1 ); >+ sprintf(tstr, "cpu%d",i); >+- strcpy(cpu->name, tstr); >++ strlcpy(cpu->name, tstr, sizeof(cpu->name)); >+ strcpy(cpu->descr, "An electronic chip that makes the computer work"); >+ } >+ } >+--- agent/mibgroup/hardware/cpu/cpu_sysinfo.c >++++ agent/mibgroup/hardware/cpu/cpu_sysinfo.c >+@@ -66,7 +66,7 @@ void init_cpu_sysinfo( void ) >+ { >+ cpu = netsnmp_cpu_get_byIdx(i, 1); >+ sprintf(tstr, "cpu%d",i); >+- strcpy(cpu->name, tstr); >++ strlcpy(cpu->name, tstr, sizeof(cpu->name)); >+ strcpy(cpu->descr, "Central Processing Unit"); >+ } >+ } >+--- agent/mibgroup/hardware/sensors/hw_sensors.c >++++ agent/mibgroup/hardware/sensors/hw_sensors.c >+@@ -168,7 +168,7 @@ sensor_by_name( const char *name, int create_type ) >+ free(sp); >+ return NULL; >+ } >+- strcpy( sp->name, name ); >++ strlcpy(sp->name, name, sizeof(sp->name)); >+ sp->type = create_type; >+ /* >+ * Set up the index value. >+--- agent/mibgroup/host/hr_disk.c >++++ agent/mibgroup/host/hr_disk.c >+@@ -407,7 +407,7 @@ parse_disk_config(const char *token, char *cptr) >+ *p != '\0' && *p != '?' && *p != '*' && *p != '['; p++); >+ c = *p; >+ *p = '\0'; >+- d_str = (char *) malloc(strlen(name) + 1); >++ d_str = strdup(name); >+ if (!d_str) { >+ SNMP_FREE(d_new); >+ SNMP_FREE(d_str); >+@@ -416,7 +416,6 @@ parse_disk_config(const char *token, char *cptr) >+ config_perror("Out of memory"); >+ return; >+ } >+- strcpy(d_str, name); >+ *p = c; >+ di_curr->item_type = ITEM_STRING; >+ di_curr->item_details = (void *) d_str; >+--- agent/mibgroup/host/hr_network.c >++++ agent/mibgroup/host/hr_network.c >+@@ -257,7 +257,7 @@ int HRN_index; >+ void >+ Save_HR_Network_Info(void) >+ { >+- strcpy(HRN_savedName, HRN_name); >++ strlcpy(HRN_savedName, HRN_name, sizeof(HRN_savedName)); >+ #if defined( USING_IF_MIB_IFTABLE_IFTABLE_DATA_ACCESS_MODULE ) >+ HRN_savedFlags = HRN_ifnet->os_flags; >+ HRN_savedErrors = HRN_ifnet->stats.ierrors + HRN_ifnet->stats.oerrors; >+--- agent/mibgroup/host/hr_swrun.c >++++ agent/mibgroup/host/hr_swrun.c >+@@ -698,13 +698,13 @@ var_hrswrun(struct variable * vp, >+ *cp = '\0'; >+ #elif HAVE_KVM_GETPROCS >+ #if defined(freebsd5) && __FreeBSD_version >= 500014 >+- strcpy(string, proc_table[LowProcIndex].ki_comm); >++ strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); >+ #elif defined(dragonfly) && __DragonFly_version >= 190000 >+- strcpy(string, proc_table[LowProcIndex].kp_comm); >++ strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); >+ #elif defined(openbsd5) >+- strcpy(string, proc_table[LowProcIndex].p_comm); >++ strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); >+ #else >+- strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); >++ strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); >+ #endif >+ #elif defined(linux) >+ if( (cp=get_proc_name_from_status(pid,buf,sizeof(buf))) == NULL ) { >+@@ -712,7 +712,7 @@ var_hrswrun(struct variable * vp, >+ *var_len = strlen(string); >+ return (u_char *) string; >+ } >+- strcpy(string, cp); >++ strlcpy(string, cp, sizeof(string)); >+ #elif defined(cygwin) >+ /* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ >+ if (lowproc.process_state & PID_EXITED || (lowproc.exitcode & ~0xffff)) >+@@ -721,7 +721,7 @@ var_hrswrun(struct variable * vp, >+ cygwin_conv_to_posix_path(lowproc.progname, string); >+ cp = strrchr(string, '/'); >+ if (cp) >+- strcpy(string, cp + 1); >++ strlcpy(string, cp + 1, sizeof(string)); >+ } else if (query == CW_GETPINFO_FULL) { >+ DWORD n = lowproc.dwProcessId & 0xffff; >+ HANDLE h = >+@@ -739,7 +739,7 @@ var_hrswrun(struct variable * vp, >+ sizeof string)) { >+ cp = strrchr(string, '\\'); >+ if (cp) >+- strcpy(string, cp + 1); >++ strlcpy(string, cp + 1, sizeof(string)); >+ } else >+ strcpy(string, "*** unknown"); >+ CloseHandle(h); >+@@ -795,7 +795,7 @@ var_hrswrun(struct variable * vp, >+ #elif defined(solaris2) >+ #ifdef _SLASH_PROC_METHOD_ >+ if (proc_buf) >+- strcpy(string, proc_buf->pr_psargs); >++ strlcpy(string, proc_buf->pr_psargs, sizeof(string)); >+ else >+ sprintf(string, "<exited>"); >+ cp = strchr(string, ' '); >+@@ -821,18 +821,18 @@ var_hrswrun(struct variable * vp, >+ *cp = '\0'; >+ #elif HAVE_KVM_GETPROCS >+ #if defined(freebsd5) && __FreeBSD_version >= 500014 >+- strcpy(string, proc_table[LowProcIndex].ki_comm); >++ strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); >+ #elif defined(dragonfly) && __DragonFly_version >= 190000 >+- strcpy(string, proc_table[LowProcIndex].kp_comm); >++ strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); >+ #elif defined(openbsd5) >+- strcpy(string, proc_table[LowProcIndex].p_comm); >++ strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); >+ #else >+- strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); >++ strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); >+ #endif >+ #elif defined(linux) >+ cp = get_proc_name_from_cmdline(pid,buf,sizeof(buf)-1); >+ if (cp != NULL && *cp) /* argv[0] '\0' argv[1] '\0' .... */ >+- strcpy(string, cp); >++ strlcpy(string, cp, sizeof(string)); >+ else { >+ /* >+ * swapped out - no cmdline >+@@ -842,7 +842,7 @@ var_hrswrun(struct variable * vp, >+ *var_len = strlen(string); >+ return (u_char *) string; >+ } >+- strcpy(string, cp); >++ strlcpy(string, cp, sizeof(string)); >+ } >+ #elif defined(cygwin) >+ /* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ >+@@ -900,7 +900,7 @@ var_hrswrun(struct variable * vp, >+ if (proc_buf) { >+ cp = strchr(proc_buf->pr_psargs, ' '); >+ if (cp) >+- strcpy(string, cp + 1); >++ strlcpy(string, cp + 1, sizeof(string)); >+ else >+ string[0] = 0; >+ } else >+@@ -911,7 +911,7 @@ var_hrswrun(struct variable * vp, >+ cp++; >+ if (*cp == ' ') >+ cp++; >+- strcpy(string, cp); >++ strlcpy(string, cp, sizeof(string)); >+ #endif >+ #elif defined(aix4) || defined(aix5) || defined(aix6) || defined(aix7) >+ cp = strchr(proc_table[LowProcIndex].pi_comm, ' '); >+@@ -972,7 +972,7 @@ var_hrswrun(struct variable * vp, >+ while (*cp) >+ ++cp; >+ ++cp; >+- strcpy(string, cp); >++ strlcpy(string, cp, sizeof(string)); >+ #elif defined(cygwin) >+ string[0] = 0; >+ #else >+--- agent/mibgroup/mibII/mta_sendmail.c >++++ agent/mibgroup/mibII/mta_sendmail.c >+@@ -586,7 +586,7 @@ add_queuegroup(const char *name, char *path) >+ */ >+ *p = '\0'; >+ >+- strcpy(parentdir, path); >++ strlcpy(parentdir, path, sizeof(parentdir)); >+ /* >+ * remove last directory component from parentdir >+ */ >+@@ -877,7 +877,7 @@ read_sendmailcf(BOOL config) >+ linenr, sendmailcf_fn); >+ break; >+ } >+- strcpy(sendmailst_fn, line + 2); >++ strlcpy(sendmailst_fn, line + 2, sizeof(sendmailst_fn)); >+ found_sendmailst = TRUE; >+ DEBUGMSGTL(("mibII/mta_sendmail.c:read_sendmailcf", >+ "found statatistics file \"%s\"\n", >+--- agent/mibgroup/mibII/system_mib.c >++++ agent/mibgroup/mibII/system_mib.c >+@@ -309,7 +309,7 @@ init_system_mib(void) >+ if (RegQueryValueEx(hKey, "RegisteredOwner", NULL, NULL, >+ (LPBYTE)registeredOwner, >+ ®isteredOwnerSz) == ERROR_SUCCESS) { >+- strcpy(sysContact, registeredOwner); >++ strlcpy(sysContact, registeredOwner, sizeof(sysContact)); >+ } >+ RegCloseKey(hKey); >+ } >+--- agent/mibgroup/mibII/vacm_conf.c >++++ agent/mibgroup/mibII/vacm_conf.c >+@@ -480,7 +480,7 @@ vacm_parse_authaccess(const char *token, char *confline) >+ >+ for (i = 0; i <= VACM_MAX_VIEWS; i++) { >+ if (viewtypes & (1 << i)) { >+- strcpy(ap->views[i], view); >++ strlcpy(ap->views[i], view, sizeof(ap->views[i])); >+ } >+ } >+ ap->contextMatch = prefix; >+@@ -542,7 +542,7 @@ vacm_parse_setaccess(const char *token, char *param) >+ return; >+ } >+ >+- strcpy(ap->views[viewnum], viewval); >++ strlcpy(ap->views[viewnum], viewval, sizeof(ap->views[viewnum])); >+ ap->contextMatch = iprefix; >+ ap->storageType = SNMP_STORAGE_PERMANENT; >+ ap->status = SNMP_ROW_ACTIVE; >+@@ -598,9 +598,12 @@ vacm_parse_access(const char *token, char *param) >+ config_perror("failed to create access entry"); >+ return; >+ } >+- strcpy(ap->views[VACM_VIEW_READ], readView); >+- strcpy(ap->views[VACM_VIEW_WRITE], writeView); >+- strcpy(ap->views[VACM_VIEW_NOTIFY], notify); >++ strlcpy(ap->views[VACM_VIEW_READ], readView, >++ sizeof(ap->views[VACM_VIEW_READ])); >++ strlcpy(ap->views[VACM_VIEW_WRITE], writeView, >++ sizeof(ap->views[VACM_VIEW_WRITE])); >++ strlcpy(ap->views[VACM_VIEW_NOTIFY], notify, >++ sizeof(ap->views[VACM_VIEW_NOTIFY])); >+ ap->contextMatch = iprefix; >+ ap->storageType = SNMP_STORAGE_PERMANENT; >+ ap->status = SNMP_ROW_ACTIVE; >+--- agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c >++++ agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c >+@@ -12,6 +12,38 @@ >+ >+ static DH *dh_params = NULL; >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >++static int >++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) >++{ >++ /* If the fields p and g in d are NULL, the corresponding input >++ * parameters MUST be non-NULL. q may remain NULL. >++ */ >++ if ((dh->p == NULL && p == NULL) >++ || (dh->g == NULL && g == NULL)) >++ return 0; >++ >++ if (p != NULL) { >++ BN_free(dh->p); >++ dh->p = p; >++ } >++ if (q != NULL) { >++ BN_free(dh->q); >++ dh->q = q; >++ } >++ if (g != NULL) { >++ BN_free(dh->g); >++ dh->g = g; >++ } >++ >++ if (q != NULL) { >++ dh->length = BN_num_bits(q); >++ } >++ >++ return 1; >++} >++#endif >++ >+ DH * >+ get_dh_params(void) >+ { >+@@ -22,6 +54,7 @@ get_dh_params(void) >+ void >+ init_usmDHParameters(void) >+ { >++ BIGNUM *p, *g; >+ static oid usmDHParameters_oid[] = >+ { 1, 3, 6, 1, 3, 101, 1, 1, 1 }; >+ >+@@ -38,9 +71,9 @@ init_usmDHParameters(void) >+ management apps though */ >+ if (!dh_params) { >+ dh_params = DH_new(); >+- dh_params->g = BN_new(); >+- BN_hex2bn(&dh_params->g, "02"); >+- BN_hex2bn(&dh_params->p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); >++ BN_hex2bn(&g, "02"); >++ BN_hex2bn(&p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); >++ DH_set0_pqg(dh_params, p, NULL, g); >+ } >+ } >+ >+--- agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c >++++ agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c >+@@ -20,10 +20,64 @@ >+ #include "usmDHUserKeyTable.h" >+ #include "snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.h" >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >++static int >++DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) >++{ >++ /* If the fields p and g in d are NULL, the corresponding input >++ * parameters MUST be non-NULL. q may remain NULL. >++ */ >++ if ((dh->p == NULL && p == NULL) >++ || (dh->g == NULL && g == NULL)) >++ return 0; >++ >++ if (p != NULL) { >++ BN_free(dh->p); >++ dh->p = p; >++ } >++ if (q != NULL) { >++ BN_free(dh->q); >++ dh->q = q; >++ } >++ if (g != NULL) { >++ BN_free(dh->g); >++ dh->g = g; >++ } >++ >++ if (q != NULL) { >++ dh->length = BN_num_bits(q); >++ } >++ >++ return 1; >++} >++ >++static void >++DH_get0_pqg(const DH *dh, >++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) >++{ >++ if (p != NULL) >++ *p = dh->p; >++ if (q != NULL) >++ *q = dh->q; >++ if (g != NULL) >++ *g = dh->g; >++} >++ >++static void >++DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) >++{ >++ if (pub_key != NULL) >++ *pub_key = dh->pub_key; >++ if (priv_key != NULL) >++ *priv_key = dh->priv_key; >++} >++#endif >++ >+ DH * >+ usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) >+ { >+ DH *dh, *dh_params; >++ const BIGNUM *g, *p; >+ void **theptr; >+ >+ if (user == NULL) >+@@ -44,9 +98,10 @@ usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) >+ dh_params = get_dh_params(); >+ if (!dh_params) >+ return NULL; >+- dh->g = BN_dup(dh_params->g); >+- dh->p = BN_dup(dh_params->p); >+- if (!dh->g || !dh->p) >++ DH_get0_pqg(dh_params, &p, NULL, &g); >++ DH_set0_pqg(dh, BN_dup(p), NULL, BN_dup(g)); >++ DH_get0_pqg(dh, &p, NULL, &g); >++ if (!g || !p) >+ return NULL; >+ DH_generate_key(dh); >+ *theptr = dh; >+@@ -61,6 +116,7 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, >+ u_char **keyobj, size_t *keyobj_len) >+ { >+ DH *dh; >++ const BIGNUM *pub_key; >+ >+ dh = usmDHGetUserDHptr(user, for_auth_key); >+ >+@@ -70,9 +126,10 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, >+ return MFD_ERROR; >+ } >+ >+- *keyobj_len = BN_num_bytes(dh->pub_key); >++ DH_get0_key(dh, &pub_key, NULL); >++ *keyobj_len = BN_num_bytes(pub_key); >+ *keyobj = malloc(*keyobj_len); >+- BN_bn2bin(dh->pub_key, *keyobj); >++ BN_bn2bin(pub_key, *keyobj); >+ >+ return MFD_SUCCESS; >+ } >+--- agent/mibgroup/target/snmpTargetParamsEntry.c >++++ agent/mibgroup/target/snmpTargetParamsEntry.c >+@@ -686,8 +686,7 @@ var_snmpTargetParamsEntry(struct variable * vp, >+ /* >+ * including null character. >+ */ >+- memcpy(string, temp_struct->secName, strlen(temp_struct->secName)); >+- string[strlen(temp_struct->secName)] = '\0'; >++ strlcpy((char *)string, temp_struct->secName, sizeof(string)); >+ *var_len = strlen(temp_struct->secName); >+ return (unsigned char *) string; >+ >+--- agent/mibgroup/ucd-snmp/logmatch.c >++++ agent/mibgroup/ucd-snmp/logmatch.c >+@@ -393,8 +393,9 @@ logmatch_parse_config(const char *token, char *cptr) >+ logmatchTable[logmatchCount].regEx); >+ >+ /* fill in filename with initial data */ >+- strcpy(logmatchTable[logmatchCount].filename, >+- logmatchTable[logmatchCount].filenamePattern); >++ strlcpy(logmatchTable[logmatchCount].filename, >++ logmatchTable[logmatchCount].filenamePattern, >++ sizeof(logmatchTable[logmatchCount].filename)); >+ logmatch_update_filename(logmatchTable[logmatchCount].filenamePattern, >+ logmatchTable[logmatchCount].filename); >+ >+--- agent/mibgroup/ucd-snmp/proc.c >++++ agent/mibgroup/ucd-snmp/proc.c >+@@ -168,7 +168,7 @@ procfix_parse_config(const char *token, char *cptr) >+ return; >+ } >+ >+- strcpy(procp->fixcmd, cptr); >++ strlcpy(procp->fixcmd, cptr, sizeof(procp->fixcmd)); >+ } >+ >+ >+--- agent/mibgroup/util_funcs.c >++++ agent/mibgroup/util_funcs.c >+@@ -258,7 +258,7 @@ get_exec_output(struct extensible *ex) >+ curtime = time(NULL); >+ if (curtime > (cachetime + NETSNMP_EXCACHETIME) || >+ strcmp(ex->command, lastcmd) != 0) { >+- strcpy(lastcmd, ex->command); >++ strlcpy(lastcmd, ex->command, sizeof(lastcmd)); >+ cachetime = curtime; >+ #endif >+ >+--- agent/mibgroup/util_funcs/get_pid_from_inode.c >++++ agent/mibgroup/util_funcs/get_pid_from_inode.c >+@@ -2,6 +2,7 @@ >+ >+ #include "get_pid_from_inode.h" >+ >++#include <net-snmp/library/system.h> /* strlcpy() */ >+ #include <net-snmp/output_api.h> >+ >+ #include <ctype.h> >+@@ -144,7 +145,8 @@ netsnmp_get_pid_from_inode_init(void) >+ if (filelen + strlen(pidinfo->d_name) > PATH_MAX) >+ continue; >+ >+- strcpy(path_name + filelen, pidinfo->d_name); >++ strlcpy(path_name + filelen, pidinfo->d_name, >++ sizeof(path_name) - filelen); >+ >+ /* The file discriptor is a symbolic link to a socket or a file.*/ >+ /* Thus read the symbolic link.*/ >+--- apps/snmpusm.c >++++ apps/snmpusm.c >+@@ -125,6 +125,39 @@ char *usmUserPublic_val = NULL; >+ int docreateandwait = 0; >+ >+ >++#if !defined(HAVE_DH_GET0_PQG) >++ >++#include <string.h> >++#include <openssl/dh.h> >++ >++void DH_get0_pqg(const DH *dh, >++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) >++{ >++ if (p != NULL) >++ *p = dh->p; >++ if (q != NULL) >++ *q = dh->q; >++ if (g != NULL) >++ *g = dh->g; >++} >++ >++#endif >++ >++#if defined(HAVE_OPENSSL_DH_H) && !defined(HAVE_DH_GET0_KEY) >++ >++#include <string.h> >++#include <openssl/dh.h> >++ >++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) >++{ >++ if (pub_key != NULL) >++ *pub_key = dh->pub_key; >++ if (priv_key != NULL) >++ *priv_key = dh->priv_key; >++} >++ >++#endif >++ >+ void >+ usage(void) >+ { >+@@ -190,7 +223,7 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, >+ oid *keyoid, size_t keyoid_len) { >+ u_char *dhkeychange; >+ DH *dh; >+- BIGNUM *other_pub; >++ BIGNUM *p, *g, *pub_key, *other_pub; >+ u_char *key; >+ size_t key_len; >+ >+@@ -205,25 +238,29 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, >+ dh = d2i_DHparams(NULL, &cp, dhvar->val_len); >+ } >+ >+- if (!dh || !dh->g || !dh->p) { >++ if (dh) >++ DH_get0_pqg(dh, &p, NULL, &g); >++ >++ if (!dh || !g || !p) { >+ SNMP_FREE(dhkeychange); >+ return SNMPERR_GENERR; >+ } >+ >+- DH_generate_key(dh); >+- if (!dh->pub_key) { >++ if (!DH_generate_key(dh)) { >+ SNMP_FREE(dhkeychange); >+ return SNMPERR_GENERR; >+ } >+ >+- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { >++ DH_get0_key(dh, &pub_key, NULL); >++ >++ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { >+ SNMP_FREE(dhkeychange); >+ fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", >+- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); >++ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); >+ return SNMPERR_GENERR; >+ } >+ >+- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); >++ BN_bn2bin(pub_key, dhkeychange + vars->val_len); >+ >+ key_len = DH_size(dh); >+ if (!key_len) { >+--- configure >++++ configure >+@@ -23186,13 +23186,76 @@ eval ac_res=\$$as_ac_Lib >+ $as_echo "$ac_res" >&6; } >+ if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : >+ >+-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h >++$as_echo "#define HAVE_EVP_MD_CTX_CREATE 1" >>confdefs.h >+ >+ >+-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h >++$as_echo "#define HAVE_EVP_MD_CTX_DESTROY 1" >>confdefs.h >+ >+ fi >+ >++ >++ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` >++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 >++$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } >++if eval \${$as_ac_Lib+:} false; then : >++ $as_echo_n "(cached) " >&6 >++else >++ ac_check_lib_save_LIBS=$LIBS >++LIBS="-l${CRYPTO} $LIBS" >++cat confdefs.h - <<_ACEOF >conftest.$ac_ext >++/* end confdefs.h. */ >++ >++/* Override any GCC internal prototype to avoid an error. >++ Use char because int might match the return type of a GCC >++ builtin and then its argument prototype would still apply. */ >++#ifdef __cplusplus >++extern "C" >++#endif >++char EVP_MD_CTX_new (); >++int >++main () >++{ >++return EVP_MD_CTX_new (); >++ ; >++ return 0; >++} >++_ACEOF >++if ac_fn_c_try_link "$LINENO"; then : >++ eval "$as_ac_Lib=yes" >++else >++ eval "$as_ac_Lib=no" >++fi >++rm -f core conftest.err conftest.$ac_objext \ >++ conftest$ac_exeext conftest.$ac_ext >++LIBS=$ac_check_lib_save_LIBS >++fi >++eval ac_res=\$$as_ac_Lib >++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 >++$as_echo "$ac_res" >&6; } >++if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : >++ >++$as_echo "#define HAVE_EVP_MD_CTX_NEW 1" >>confdefs.h >++ >++ >++$as_echo "#define HAVE_EVP_MD_CTX_FREE 1" >>confdefs.h >++ >++fi >++ >++ save_LIBS=$LIBS >++ LIBS="$LIBS -l${CRYPTO}" >++ for ac_func in DH_get0_pqg DH_get0_key X509_NAME_ENTRY_get_data X509_NAME_ENTRY_get_object X509_get_signature_nid >++do : >++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` >++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" >++if eval test \"x\$"$as_ac_var"\" = x"yes"; then : >++ cat >>confdefs.h <<_ACEOF >++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 >++_ACEOF >++ >++fi >++done >++ >++ LIBS=$save_LIBS >+ fi >+ if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then >+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DTLSv1_method in -lssl" >&5 >+@@ -23249,7 +23312,7 @@ if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : >+ $as_echo_n "(cached) " >&6 >+ else >+ ac_check_lib_save_LIBS=$LIBS >+-LIBS="-lssl -lcrypto $LIBS" >++LIBS="-lssl $LIBS" >+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext >+ /* end confdefs.h. */ >+ >+@@ -23283,11 +23346,55 @@ if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then : >+ >+ $as_echo "#define HAVE_LIBSSL 1" >>confdefs.h >+ >++fi >++ >++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5 >++$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; } >++if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then : >++ $as_echo_n "(cached) " >&6 >++else >++ ac_check_lib_save_LIBS=$LIBS >++LIBS="-lssl $LIBS" >++cat confdefs.h - <<_ACEOF >conftest.$ac_ext >++/* end confdefs.h. */ >++ >++/* Override any GCC internal prototype to avoid an error. >++ Use char because int might match the return type of a GCC >++ builtin and then its argument prototype would still apply. */ >++#ifdef __cplusplus >++extern "C" >++#endif >++char OPENSSL_init_ssl (); >++int >++main () >++{ >++return OPENSSL_init_ssl (); >++ ; >++ return 0; >++} >++_ACEOF >++if ac_fn_c_try_link "$LINENO"; then : >++ ac_cv_lib_ssl_OPENSSL_init_ssl=yes >++else >++ ac_cv_lib_ssl_OPENSSL_init_ssl=no >++fi >++rm -f core conftest.err conftest.$ac_objext \ >++ conftest$ac_exeext conftest.$ac_ext >++LIBS=$ac_check_lib_save_LIBS >++fi >++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5 >++$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } >++if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then : >++ >++$as_echo "#define HAVE_LIBSSL 1" >>confdefs.h >++ >++fi >++ >++ if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then >+ LIBCRYPTO=" -lssl $LIBCRYPTO" >+ else >+ as_fn_error $? "The DTLS based transports require the libssl library from OpenSSL to be available" "$LINENO" 5 >+ fi >+- >+ TLSPROG=yes >+ fi >+ if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then >+--- configure.d/config_os_libs2 >++++ configure.d/config_os_libs2 >+@@ -293,10 +293,23 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then >+ [Define to 1 if you have the `AES_cfb128_encrypt' function.])) >+ >+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, >+- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], >++ AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1], >+ [Define to 1 if you have the `EVP_MD_CTX_create' function.]) >+- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], >++ AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1], >+ [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) >++ >++ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, >++ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], >++ [Define to 1 if you have the `EVP_MD_CTX_new' function.]) >++ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], >++ [Define to 1 if you have the `EVP_MD_CTX_free' function.])) >++ save_LIBS=$LIBS >++ LIBS="$LIBS -l${CRYPTO}" >++ AC_CHECK_FUNCS([DH_get0_pqg DH_get0_key ] dnl >++ [X509_NAME_ENTRY_get_data ] dnl >++ [X509_NAME_ENTRY_get_object] dnl >++ [X509_get_signature_nid]) >++ LIBS=$save_LIBS >+ fi >+ if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then >+ AC_CHECK_LIB(ssl, DTLSv1_method, >+@@ -309,9 +322,15 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then >+ if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then >+ AC_CHECK_LIB(ssl, SSL_library_init, >+ AC_DEFINE(HAVE_LIBSSL, 1, >+- [Define to 1 if you have the `ssl' library (-lssl).]) >+- LIBCRYPTO=" -lssl $LIBCRYPTO", >+- AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) ,-lcrypto) >++ [Define to 1 if you have the `ssl' library (-lssl).])) >++ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, >++ AC_DEFINE(HAVE_LIBSSL, 1, >++ [Define to 1 if you have the `ssl' library (-lssl).])) >++ if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then >++ LIBCRYPTO=" -lssl $LIBCRYPTO" >++ else >++ AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) >++ fi >+ TLSPROG=yes >+ fi >+ if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then >+--- include/net-snmp/net-snmp-config.h.in >++++ include/net-snmp/net-snmp-config.h.in >+@@ -124,6 +124,12 @@ >+ /* define if you have devstat_getdevs() */ >+ #undef HAVE_DEVSTAT_GETDEVS >+ >++/* Define to 1 if you have the `DH_get0_key' function. */ >++#undef HAVE_DH_GET0_KEY >++ >++/* Define to 1 if you have the `DH_get0_pqg' function. */ >++#undef HAVE_DH_GET0_PQG >++ >+ /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. >+ */ >+ #undef HAVE_DIRENT_H >+@@ -155,6 +161,12 @@ >+ /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ >+ #undef HAVE_EVP_MD_CTX_DESTROY >+ >++/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ >++#undef HAVE_EVP_MD_CTX_FREE >++ >++/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ >++#undef HAVE_EVP_MD_CTX_NEW >++ >+ /* Define if you have EVP_sha224/256 in openssl */ >+ #undef HAVE_EVP_SHA224 >+ >+@@ -1298,6 +1310,15 @@ >+ /* Define to 1 if you have the <ws2tcpip.h> header file. */ >+ #undef HAVE_WS2TCPIP_H >+ >++/* Define to 1 if you have the `X509_get_signature_nid' function. */ >++#undef HAVE_X509_GET_SIGNATURE_NID >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ >++#undef HAVE_X509_NAME_ENTRY_GET_DATA >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ >++#undef HAVE_X509_NAME_ENTRY_GET_OBJECT >++ >+ /* Define to 1 if you have the <xti.h> header file. */ >+ #undef HAVE_XTI_H >+ >+--- snmplib/keytools.c >++++ snmplib/keytools.c >+@@ -149,7 +149,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, >+ */ >+ #ifdef NETSNMP_USE_OPENSSL >+ >+-#ifdef HAVE_EVP_MD_CTX_CREATE >++#ifdef HAVE_EVP_MD_CTX_NEW >++ ctx = EVP_MD_CTX_new(); >++#elif HAVE_EVP_MD_CTX_CREATE >+ ctx = EVP_MD_CTX_create(); >+ #else >+ ctx = malloc(sizeof(*ctx)); >+@@ -259,7 +261,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, >+ memset(buf, 0, sizeof(buf)); >+ #ifdef NETSNMP_USE_OPENSSL >+ if (ctx) { >+-#ifdef HAVE_EVP_MD_CTX_DESTROY >++#ifdef HAVE_EVP_MD_CTX_FREE >++ EVP_MD_CTX_free(ctx); >++#elif HAVE_EVP_MD_CTX_DESTROY >+ EVP_MD_CTX_destroy(ctx); >+ #else >+ EVP_MD_CTX_cleanup(ctx); >+--- snmplib/scapi.c >++++ snmplib/scapi.c >+@@ -486,7 +486,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, >+ } >+ >+ /** initialize the pointer */ >+-#ifdef HAVE_EVP_MD_CTX_CREATE >++#ifdef HAVE_EVP_MD_CTX_NEW >++ cptr = EVP_MD_CTX_new(); >++#elif HAVE_EVP_MD_CTX_CREATE >+ cptr = EVP_MD_CTX_create(); >+ #else >+ cptr = malloc(sizeof(*cptr)); >+@@ -507,7 +509,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, >+ /** do the final pass */ >+ EVP_DigestFinal(cptr, MAC, &tmp_len); >+ *MAC_len = tmp_len; >+-#ifdef HAVE_EVP_MD_CTX_DESTROY >++#ifdef HAVE_EVP_MD_CTX_FREE >++ EVP_MD_CTX_free(cptr); >++#elif HAVE_EVP_MD_CTX_DESTROY >+ EVP_MD_CTX_destroy(cptr); >+ #else >+ #if !defined(OLD_DES) >+--- snmplib/snmp_openssl.c >++++ snmplib/snmp_openssl.c >+@@ -141,6 +141,28 @@ netsnmp_openssl_cert_get_commonName(X509 *ocert, char **buf, int *len) >+ } >+ >+ #ifndef NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES >++ >++#ifndef HAVE_X509_NAME_ENTRY_GET_DATA >++static ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) >++{ >++ return ne ? ne->value : NULL; >++} >++#endif >++ >++#ifndef HAVE_X509_NAME_ENTRY_GET_OBJECT >++static ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) >++{ >++ return ne ? ne->object : NULL; >++} >++#endif >++ >++#ifndef HAVE_X509_GET_SIGNATURE_NID >++static int X509_get_signature_nid(const X509 *x) >++{ >++ return OBJ_obj2nid(x->sig_alg->algorithm); >++} >++#endif >++ >+ /** netsnmp_openssl_cert_dump_name: dump subject names in cert >+ */ >+ void >+@@ -148,6 +170,7 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) >+ { >+ int i, onid; >+ X509_NAME_ENTRY *oname_entry; >++ ASN1_STRING *oname_value; >+ X509_NAME *osubj_name; >+ const char *prefix_short, *prefix_long; >+ >+@@ -163,12 +186,13 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) >+ for (i = 0; i < X509_NAME_entry_count(osubj_name); i++) { >+ oname_entry = X509_NAME_get_entry(osubj_name, i); >+ netsnmp_assert(NULL != oname_entry); >++ oname_value = X509_NAME_ENTRY_get_data(oname_entry); >+ >+- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) >++ if (oname_value->type != V_ASN1_PRINTABLESTRING) >+ continue; >+ >+ /** get NID */ >+- onid = OBJ_obj2nid(oname_entry->object); >++ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); >+ if (onid == NID_undef) { >+ prefix_long = prefix_short = "UNKNOWN"; >+ } >+@@ -179,9 +203,9 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) >+ >+ DEBUGMSGT(("9:cert:dump:names", >+ "[%02d] NID type %d, ASN type %d\n", i, onid, >+- oname_entry->value->type)); >++ oname_value->type)); >+ DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, >+- prefix_short, ASN1_STRING_data(oname_entry->value))); >++ prefix_short, ASN1_STRING_data(oname_value))); >+ } >+ } >+ #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ >+@@ -470,7 +494,7 @@ netsnmp_openssl_cert_get_hash_type(X509 *ocert) >+ if (NULL == ocert) >+ return 0; >+ >+- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); >++ return _nid2ht(X509_get_signature_nid(ocert)); >+ } >+ >+ /** >+@@ -487,7 +511,7 @@ netsnmp_openssl_cert_get_fingerprint(X509 *ocert, int alg) >+ if (NULL == ocert) >+ return NULL; >+ >+- nid = OBJ_obj2nid(ocert->sig_alg->algorithm); >++ nid = X509_get_signature_nid(ocert); >+ DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, >+ _nid2ht(nid))); >+ >+--- snmplib/vacm.c >++++ snmplib/vacm.c >+@@ -54,6 +54,7 @@ >+ #include <net-snmp/config_api.h> >+ >+ #include <net-snmp/library/snmp_api.h> >++#include <net-snmp/library/system.h> /* strlcpy() */ >+ #include <net-snmp/library/tools.h> >+ #include <net-snmp/library/vacm.h> >+ >+@@ -439,7 +440,7 @@ netsnmp_view_get(struct vacm_viewEntry *head, const char *viewName, >+ if (glen < 0 || glen > VACM_MAX_STRING) >+ return NULL; >+ view[0] = glen; >+- strcpy(view + 1, viewName); >++ strlcpy(view + 1, viewName, sizeof(view) - 1); >+ for (vp = head; vp; vp = vp->next) { >+ if (!memcmp(view, vp->viewName, glen + 1) >+ && viewSubtreeLen >= (vp->viewSubtreeLen - 1)) { >+@@ -522,7 +523,7 @@ netsnmp_view_subtree_check(struct vacm_viewEntry *head, const char *viewName, >+ if (glen < 0 || glen > VACM_MAX_STRING) >+ return VACM_NOTINVIEW; >+ view[0] = glen; >+- strcpy(view + 1, viewName); >++ strlcpy(view + 1, viewName, sizeof(view) - 1); >+ DEBUGMSGTL(("9:vacm:checkSubtree", "view %s\n", viewName)); >+ for (vp = head; vp; vp = vp->next) { >+ if (!memcmp(view, vp->viewName, glen + 1)) { >+@@ -689,7 +690,7 @@ netsnmp_view_create(struct vacm_viewEntry **head, const char *viewName, >+ } >+ >+ vp->viewName[0] = glen; >+- strcpy(vp->viewName + 1, viewName); >++ strlcpy(vp->viewName + 1, viewName, sizeof(vp->viewName) - 1); >+ vp->viewSubtree[0] = viewSubtreeLen; >+ memcpy(vp->viewSubtree + 1, viewSubtree, viewSubtreeLen * sizeof(oid)); >+ vp->viewSubtreeLen = viewSubtreeLen + 1; >+@@ -768,7 +769,7 @@ vacm_getGroupEntry(int securityModel, const char *securityName) >+ if (glen < 0 || glen > VACM_MAX_STRING) >+ return NULL; >+ secname[0] = glen; >+- strcpy(secname + 1, securityName); >++ strlcpy(secname + 1, securityName, sizeof(secname) - 1); >+ >+ for (vp = groupList; vp; vp = vp->next) { >+ if ((securityModel == vp->securityModel >+@@ -817,7 +818,7 @@ vacm_createGroupEntry(int securityModel, const char *securityName) >+ >+ gp->securityModel = securityModel; >+ gp->securityName[0] = glen; >+- strcpy(gp->securityName + 1, securityName); >++ strlcpy(gp->securityName + 1, securityName, sizeof(gp->securityName) - 1); >+ >+ lg = groupList; >+ og = NULL; >+@@ -939,9 +940,9 @@ vacm_getAccessEntry(const char *groupName, >+ return NULL; >+ >+ group[0] = glen; >+- strcpy(group + 1, groupName); >++ strlcpy(group + 1, groupName, sizeof(group) - 1); >+ context[0] = clen; >+- strcpy(context + 1, contextPrefix); >++ strlcpy(context + 1, contextPrefix, sizeof(context) - 1); >+ for (vp = accessList; vp; vp = vp->next) { >+ if ((securityModel == vp->securityModel >+ || vp->securityModel == SNMP_SEC_MODEL_ANY) >+@@ -1006,9 +1007,10 @@ vacm_createAccessEntry(const char *groupName, >+ vp->securityModel = securityModel; >+ vp->securityLevel = securityLevel; >+ vp->groupName[0] = glen; >+- strcpy(vp->groupName + 1, groupName); >++ strlcpy(vp->groupName + 1, groupName, sizeof(vp->groupName) - 1); >+ vp->contextPrefix[0] = clen; >+- strcpy(vp->contextPrefix + 1, contextPrefix); >++ strlcpy(vp->contextPrefix + 1, contextPrefix, >++ sizeof(vp->contextPrefix) - 1); >+ >+ lp = accessList; >+ while (lp) { >+--- win32/net-snmp/net-snmp-config.h >++++ win32/net-snmp/net-snmp-config.h >+@@ -250,6 +250,21 @@ >+ /* Define to 1 if you have the <direct.h> header file. */ >+ #define HAVE_DIRECT_H 1 >+ >++/* Define to 1 if you have the `DH_get0_key' function. */ >++#define HAVE_DH_GET0_KEY 1 >++ >++/* Define to 1 if you have the `DH_get0_pqg' function. */ >++#define HAVE_DH_GET0_PQG 1 >++ >++/* Define to 1 if you have the `X509_get_signature_nid' function. */ >++#define HAVE_X509_GET_SIGNATURE_NID 1 >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ >++#define HAVE_X509_NAME_ENTRY_GET_DATA 1 >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ >++#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 >++ >+ /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. >+ */ >+ /* #undef HAVE_DIRENT_H */ >+--- win32/net-snmp/net-snmp-config.h.in >++++ win32/net-snmp/net-snmp-config.h.in >+@@ -250,6 +250,21 @@ >+ /* Define to 1 if you have the <direct.h> header file. */ >+ #define HAVE_DIRECT_H 1 >+ >++/* Define to 1 if you have the `DH_get0_key' function. */ >++#define HAVE_DH_GET0_KEY 1 >++ >++/* Define to 1 if you have the `DH_get0_pqg' function. */ >++#define HAVE_DH_GET0_PQG 1 >++ >++/* Define to 1 if you have the `X509_get_signature_nid' function. */ >++#define HAVE_X509_GET_SIGNATURE_NID 1 >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ >++#define HAVE_X509_NAME_ENTRY_GET_DATA 1 >++ >++/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ >++#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 >++ >+ /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. >+ */ >+ /* #undef HAVE_DIRENT_H */ >+ >+ >+ >+ > >Property changes on: files/patch-openssl >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=198040">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 228898
:
198040
|
198050
|
198051
|
198690
|
198805
|
203784