Bug 217760 - [patch] [bsnmpd] bsnmpd coredumps on first request
Summary: [patch] [bsnmpd] bsnmpd coredumps on first request
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 11.0-STABLE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Ngie Cooper
Keywords: patch
Reported: 2017-03-13 15:32 UTC by Eugene Grosbein
Modified: 2017-03-20 03:18 UTC

See Also:
ngie: mfc-stable9+
ngie: mfc-stable10+
ngie: mfc-stable11+


Attachments
properly initialize port->transport (498 bytes, patch)
2017-03-13 15:32 UTC, Eugene Grosbein
properly initialize port->transport (693 bytes, patch)
2017-03-13 15:39 UTC, Eugene Grosbein

Description Eugene Grosbein freebsd_committer 2017-03-13 15:32:40 UTC
Created attachment 180780
properly initialize port->transport

One of my 11.0-STABLE systems starts bsnmpd just fine, but the first request crashes it with SIGSEGV and a core is generated.

#0  snmpd_input (pi=0x2861ce98, tport=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1044
1044            ret = tport->transport->vtab->recv(tport, pi);
(gdb) bt
#0  snmpd_input (pi=0x2861ce98, tport=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1044
#1  0x0805f36c in udp_input (fd=8, udata=0x2861cc80) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/trans_udp.c:98
#2  0x0804e116 in input (fd=8, mask=1, uap=0x28621080) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:900
#3  0x2809b9a7 in poll_dispatch (wait=1) at /home/src/contrib/libbegemot/rpoll.c:614
#4  0x0804f9c5 in main (argc=0, argv=0xbfbfee78) at /home/src/usr.sbin/bsnmpd/bsnmpd/../../../contrib/bsnmp/snmpd/main.c:1714
Current language:  auto; currently minimal
(gdb) p tport->transport
$1 = (struct transport *) 0x0

A one-line patch fixing the problem is attached. The problem manifests when bsnmpd.conf has several begemotSnmpdPortStatus.* lines for distinct IP addresses and the addresses are unsorted, for example:

# open standard SNMP ports
#begemotSnmpdPortStatus.0.0.0.0.161 = 1
begemotSnmpdPortStatus.[192.168.1.6].161 = 1
begemotSnmpdPortStatus.127.0.0.1.161 = 1
Comment 1 Eugene Grosbein freebsd_committer 2017-03-13 15:39:27 UTC
Created attachment 180781
properly initialize port->transport

Better version of the same patch.
Comment 2 commit-hook freebsd_committer 2017-03-13 18:01:16 UTC
A commit references this bug:

Author: ngie
Date: Mon Mar 13 18:01:02 UTC 2017
New revision: 315206
URL: https://svnweb.freebsd.org/changeset/base/315206

Log:
  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  MFC after:	1 week
  PR:		217760
  Submitted by:	eugen
  Sponsored by:	Dell EMC Isilon

Changes:
  head/contrib/bsnmp/snmpd/main.c
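
A reduced model of the ordering bug the commit log above describes, added here as an illustration and not taken from bsnmpd's main.c. The struct layouts, the integer `index` (a stand-in for the real sort key) and the names `insert_buggy`, `insert_fixed` and `unbound_ports` are assumptions.

```c
#include <stddef.h>
#include <sys/queue.h>

struct tport {
	int index;                    /* stand-in for the real sort key */
	struct transport *transport;  /* back-pointer used on the receive path */
	TAILQ_ENTRY(tport) link;
};
struct transport { TAILQ_HEAD(, tport) table; };

/* Pre-fix shape: the early return skips the back-pointer assignment. */
void insert_buggy(struct transport *t, struct tport *port) {
	struct tport *p;
	TAILQ_FOREACH(p, &t->table, link)
		if (p->index > port->index) {
			TAILQ_INSERT_BEFORE(p, port, link);
			return;       /* port->transport is still NULL here */
		}
	port->transport = t;
	TAILQ_INSERT_TAIL(&t->table, port, link);
}

/* Post-fix shape: initialize before the port becomes reachable. */
void insert_fixed(struct transport *t, struct tport *port) {
	struct tport *p;
	port->transport = t;
	TAILQ_FOREACH(p, &t->table, link)
		if (p->index > port->index) {
			TAILQ_INSERT_BEFORE(p, port, link);
			return;
		}
	TAILQ_INSERT_TAIL(&t->table, port, link);
}

/* Insert up to 8 keys in the given order; count ports left with a NULL
 * transport, i.e. ports a receive path would fault on. */
int unbound_ports(void (*ins)(struct transport *, struct tport *),
    const int *keys, int n) {
	struct transport t;
	struct tport ports[8] = {{0}}, *p;
	int i, bad = 0;
	TAILQ_INIT(&t.table);
	for (i = 0; i < n && i < 8; i++) {
		ports[i].index = keys[i];
		ins(&t, &ports[i]);
	}
	TAILQ_FOREACH(p, &t.table, link)
		bad += (p->transport == NULL);
	return bad;
}
```

With the constructed keys {192, 127}, which mirror the unsorted configuration in the report, `insert_buggy` leaves one port unbound and `insert_fixed` leaves none; keys given in ascending order never reach the early return, which is why a sorted configuration does not crash.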
Comment 3 Ngie Cooper freebsd_committer 2017-03-13 18:01:37 UTC
Thanks for the patch eugen!
Comment 4 commit-hook freebsd_committer 2017-03-20 03:13:51 UTC
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:13:01 UTC 2017
New revision: 315611
URL: https://svnweb.freebsd.org/changeset/base/315611

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/11/
  stable/11/contrib/bsnmp/snmpd/main.c
Comment 5 commit-hook freebsd_committer 2017-03-20 03:13:53 UTC
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:13:03 UTC 2017
New revision: 315612
URL: https://svnweb.freebsd.org/changeset/base/315612

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/10/
  stable/10/contrib/bsnmp/snmpd/main.c
Comment 6 commit-hook freebsd_committer 2017-03-20 03:18:59 UTC
A commit references this bug:

Author: ngie
Date: Mon Mar 20 03:18:16 UTC 2017
New revision: 315613
URL: https://svnweb.freebsd.org/changeset/base/315613

Log:
  MFC r315206:

  bsnmpd: fix segfault when trans_insert_port(..) is called with multiple
  out of order addresses

  Move `port->transport` initialization before the TAILQ_FOREACH(..) loop
  to ensure that the value is properly initialized before it's inserted
  into the TAILQ.

  PR:		217760

Changes:
_U  stable/9/
_U  stable/9/contrib/
_U  stable/9/contrib/bsnmp/
  stable/9/contrib/bsnmp/snmpd/main.c