Bug 242080 - net-mgmt/net-snmp: Crash when setting scalar variables in the ip-mib module
Summary: net-mgmt/net-snmp: Crash when setting scalar variables in the ip-mib module
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: Ryan Steinmetz
URL:
Keywords: crash, needs-qa
Depends on:
Blocks:
 
Reported: 2019-11-19 13:45 UTC by mwlucas
Modified: 2019-11-25 00:56 UTC (History)
5 users (show)

See Also:
w.schwarzenfeld: maintainer-feedback? (zi)
koobs: merge-quarterly?


Attachments
fix crash when setting scalar variables in the ip-mib module (1.78 KB, patch)
2019-11-21 01:56 UTC, Marcin Cieślak
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mwlucas 2019-11-19 13:45:55 UTC
I can reliably crash net-snmp with an snmpset. 

$ uname -a
FreeBSD freebsdtest 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC  amd64

$ pkg info net-snmp
net-snmp-5.7.3_20,1
Name           : net-snmp
Version        : 5.7.3_20,1
Installed on   : Wed Oct  9 15:22:24 2019 EDT
...

Detail:

$ sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 0

$ snmpget freebsd IP-MIB::ipForwarding.0
IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2)

$ snmpset freebsd IP-MIB::ipForwarding.0 i 1
Timeout: No Response from freebsd

Yep, the agent is dead:

$ pgrep snmpd
$

The sysctl change took place, however:

$ sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

I can restart the agent and reverse the change, but snmpd crashes
again.

Debug on core file:

...
Reading symbols from /usr/local/sbin/snmpd...
(gdb) core /snmpd.core
[New LWP 100412]
Core was generated by `/usr/local/sbin/snmpd -p /var/run/net_snmpd.pid'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000800413426 in netsnmp_arch_ip_scalars_sysctl (
    access_module=0x8002d8801 "access:ipForwarding",
    mib=0x80043dec0 <ipForwarding_mib>, mib_len=4, old_value=0x0,
    new_value=0x7fffffffd9c0) at ip-mib/data_access/scalars_sysctl.c:45
45          *old_value = oldint;
(gdb) quit
Comment 1 Ryan Steinmetz freebsd_committer freebsd_triage 2019-11-19 16:31:36 UTC
This should probably go to the net-snmp developers:
http://www.net-snmp.org/support/bugreports.html
Comment 2 Eugene Grosbein freebsd_committer 2019-11-19 19:43:01 UTC
Can you share your configuration for snmpd? With default example config, I cannot even do snmpget for ipForwarding:

# snmpget -v1 -c public localhost IP-MIB::ipForwarding.0
Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/TCP-MIB.txt)
Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/UDP-MIB.txt)
Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/SCTP-MIB.txt)
Did not find 'InetAddressPrefixLength' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/IP-FORWARD-MIB.txt)
Did not find 'InetAutonomousSystemNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/IP-FORWARD-MIB.txt)
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: IP-MIB::ipForwarding.0
Comment 3 mwlucas 2019-11-19 20:32:37 UTC
agentaddress tcp::161
agentaddress tcp6::161
agentaddress udp::161
agentaddress udp6::161


proc  cron 1 1
proc  php-fpm 10 1
proc  sendmail 10


disk  zroot 1048576
disk  /tmp/ 1048576
disk  /var/log/ 1048576
disk  /usr/home/ 1048576


load  10 8 5


file  /var/log/messages 1g
file  /var/log/all.log 5g



rwuser  secureRW priv


rouser  secureRO priv


rocommunity  insecureRO 203.0.113.0/24 .1.3.6.1.4.1
rocommunity  insecureRO 127.0.0.1


rwcommunity  insecureRW 203.0.113.0/24
rwcommunity  insecureRW 127.0.0.1



syslocation  "MWL global datacenter"


syscontact  mwl@mwl.io


sysservices 76
Comment 4 Eugene Grosbein freebsd_committer 2019-11-20 03:45:04 UTC
(In reply to Ryan Steinmetz from comment #1)

Ryan, there is some problem with configure stage of net-snmp-5.7.3_20,1.

The file net-mgmt/net-snmp/Makefile has a line:

NET_SNMP_WITHOUT_MIB_MODULE_LIST+=      mibII/ipv6

And it builds the daemon without mibII at all:

# make configure >log 2>&1
# egrep -i 'mibII|ipv6' log | head -8
NET_SNMP_WITH_MIB_MODULE_LIST="host disman/event-mib mibII/mta_sendmail mibII/tcpTable ucd-snmp/diskio sctp-mib if-mib smux"
NET_SNMP_WITHOUT_MIB_MODULE_LIST="mibII/ipv6 host ucd-snmp/memory"
checking ipv6 stack type... "kame, yes, using libc"
checking for and configuring transport modules to use...  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base.
default_modules disman/event-mib if-mib mibII/mta_sendmail mibII/tcpTable sctp-mib smux ucd-snmp/diskio.
 default_modules disman/event-mib if-mib mibII/mta_sendmail mibII/tcpTable sctp-mib smux ucd-snmp/diskio snmpv3mibsconfigure: WARNING: mib module error
configure: WARNING: mib module 'mibII' requires module 'mibII/ipv6' but someone told me to compile without it
 mibIIconfigure: WARNING: mib module error
Comment 5 Marcin Cieślak 2019-11-20 06:52:27 UTC
This MIB issue is probably unrelated. Instead you can try

$ snmpget freebsd .1.3.6.1.2.1.4.1
Comment 6 Marcin Cieślak 2019-11-20 06:59:48 UTC
(In reply to Marcin Cieślak from comment #5)
er, sorry, that does not help
Comment 7 Eugene Grosbein freebsd_committer 2019-11-20 07:06:56 UTC
(In reply to Marcin Cieślak from comment #5)

It is definitely related as IP-MIB defined as sub-tree of mib-2:

ip       OBJECT IDENTIFIER ::= { mib-2 4 }

$ snmpget -On -v1 -c public localhost .1.3.6.1.2.1.4.1.0
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.2.1.4.1.0
$ snmpget -On -v1 -c public localhost .1.3.6.1.2.1.4.1
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: .1.3.6.1.2.1.4.1

Comparing with another system running stock bsnmpd:

$ snmpget -On -v1 -c XXX syslog .1.3.6.1.2.1.4.1.0
.1.3.6.1.2.1.4.1.0 = INTEGER: notForwarding(2)
Comment 8 Marcin Cieślak 2019-11-21 01:18:55 UTC
I could reproduce this building net-snmp with the following make variables set

NET_SNMP_WITHOUT_MIB_MODULE_LIST=       mibII mibII/ip mibII/ipv6 mibII/tcpTable
NET_SNMP_WITH_MIB_MODULE_LIST=  ip-mib
Comment 9 Marcin Cieślak 2019-11-21 01:56:16 UTC
Created attachment 209306 [details]
fix crash when setting scalar variables in the ip-mib module

This was broken at least since 2012 and probably longer...

The patch attached fixes might fix this:

radziecki> sudo sysctl net.inet.ip.forwarding=0
net.inet.ip.forwarding: 1 -> 0
radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0    
IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2)
radziecki> sudo sysctl net.inet.ip.forwarding=1              
net.inet.ip.forwarding: 0 -> 1
radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
radziecki> snmpset -v1 -c public localhost .1.3.6.1.2.1.4.1.0 i 1
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
radziecki> sudo sysctl net.inet.ip.forwarding                    
net.inet.ip.forwarding: 1
radziecki> snmpset -v1 -c public localhost .1.3.6.1.2.1.4.1.0 i 2
IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2)
radziecki> sudo sysctl net.inet.ip.forwarding                    
net.inet.ip.forwarding: 0
radziecki> sudo sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0    
IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)