Bug 217760

Summary: [patch] [bsnmpd] bsnmpd coredumps on first request
Product: Base System Reporter: Eugene Grosbein <eugen>
Component: binAssignee: Enji Cooper <ngie>
Status: Closed FIXED    
Severity: Affects Some People CC: ngie
Priority: --- Keywords: patch
Version: 11.0-STABLEFlags: ngie: mfc-stable11+
ngie: mfc-stable10+
ngie: mfc-stable9+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
properly initialize port->transport
none
properly initialize port->transport none

Description Eugene Grosbein freebsd_committer freebsd_triage 2017-03-13 15:32:40 UTC 
Created attachment 180780 [details]
properly initialize port->transport

One of my 11.0-STABLE systems starts bsnmpd just fine but first request crashes it with sigsegv and core is generated.

#0  snmpd_input (pi=0x2861ce98, tport=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1044
1044            ret = tport->transport->vtab->recv(tport, pi);
(gdb) bt
#0  snmpd_input (pi=0x2861ce98, tport=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1044
#1  0x0805f36c in udp_input (fd=8, udata=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/trans_udp.c:98
#2  0x0804e116 in input (fd=8, mask=1, uap=0x28621080) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:900
#3  0x2809b9a7 in poll_dispatch (wait=1) at /home/src/contrib/libbegemot/rpoll.c:614
#4  0x0804f9c5 in main (argc=0, argv=0xbfbfee78) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1714
Current language:  auto; currently minimal
(gdb) p tport->transport
$1 = (struct transport *) 0x0

On line patch fixing the problem is attached. The problem manifests when bsnmpd.conf has several begemotSnmpdPortStatus.* lines for distinct IP addresses and addresses are unsorted, for example:

# open standard SNMP ports
#begemotSnmpdPortStatus.0.0.0.0.161 = 1
begemotSnmpdPortStatus.[192.168.1.6].161 = 1
begemotSnmpdPortStatus.127.0.0.1.161 = 1
Comment 1 Eugene Grosbein freebsd_committer freebsd_triage 2017-03-13 15:39:27 UTC 
Created attachment 180781 [details]
properly initialize port->transport

Better version of the same patch.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-03-13 18:01:16 UTC 
A commit references this bug:

Author: ngie
Date: Mon Mar 13 18:01:02 UTC 2017
New revision: 315206
URL: https://svnweb.freebsd.org/changeset/base/315206

Log:
  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  MFC after:	1 week
  PR:		217760
  Submitted by:	eugen
  Sponsored by:	Dell EMC Isilon

Changes:
  head/contrib/bsnmp/snmpd/main.c
Comment 3 Enji Cooper freebsd_committer freebsd_triage 2017-03-13 18:01:37 UTC 
Thanks for the patch eugen!
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-03-20 03:13:51 UTC 
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:13:01 UTC 2017
New revision: 315611
URL: https://svnweb.freebsd.org/changeset/base/315611

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/11/
  stable/11/contrib/bsnmp/snmpd/main.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-03-20 03:13:53 UTC 
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:13:03 UTC 2017
New revision: 315612
URL: https://svnweb.freebsd.org/changeset/base/315612

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/10/
  stable/10/contrib/bsnmp/snmpd/main.c
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-03-20 03:18:59 UTC 
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:18:16 UTC 2017
New revision: 315613
URL: https://svnweb.freebsd.org/changeset/base/315613

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/9/
_U  stable/9/contrib/
_U  stable/9/contrib/bsnmp/
  stable/9/contrib/bsnmp/snmpd/main.c