[Bug 215721] bsnmpwalk .1 spews out an uninitialized stream for an OID
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 3 05:39:45 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215721
Bug ID: 215721
Summary: bsnmpwalk .1 spews out an uninitialized stream for an
OID
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: ngie at FreeBSD.org
.1 is a common alias for the `iso` OID root. Unfortunately bsnmpwalk doesn't
like that -- in particular it claims the OID is too short and spews out a
stream of uninitialized memory. Example:
% bsnmpwalk .1 2>&1 | less
ASN.1: short oid at a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 ...
ASN.1: short oid at a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5 a5
...
bsnmpwalk: Snmp dialog: Invalid argument
%
valgrind claimed it was something to do with uninitialized heap space being
passed to asn_put_objid(..) from snmp_dialog(..):
ASN.1: short oid at==79003== Use of uninitialised value of size 8
==79003== at 0x5343CA5: ??? (in /lib/libc.so.7)
==79003== by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003== by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003== by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003== by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== Uninitialised value was created by a heap allocation
==79003== at 0x4C246B0: malloc (in
/usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003== by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4022FFF: ???
==79003==
==79003== Conditional jump or move depends on uninitialised value(s)
==79003== at 0x5343CB4: ??? (in /lib/libc.so.7)
==79003== by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003== by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003== by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003== by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== Uninitialised value was created by a heap allocation
==79003== at 0x4C246B0: malloc (in
/usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003== by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4022FFF: ???
==79003==
==79003== 19928 errors in context 1 of 2:
==79003== Conditional jump or move depends on uninitialised value(s)
==79003== at 0x5343CB4: ??? (in /lib/libc.so.7)
==79003== by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003== by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003== by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003== by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== Uninitialised value was created by a heap allocation
==79003== at 0x4C246B0: malloc (in
/usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003== by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4022FFF: ???
==79003==
==79003==
==79003== 19928 errors in context 2 of 2:
==79003== Use of uninitialised value of size 8
==79003== at 0x5343CA5: ??? (in /lib/libc.so.7)
==79003== by 0x5341BB1: ??? (in /lib/libc.so.7)
==79003== by 0x5341A12: vfprintf_l (in /lib/libc.so.7)
==79003== by 0x5349F12: fprintf (in /lib/libc.so.7)
==79003== by 0x4E38D55: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E39D98: asn_put_objid (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E3800E: snmp_binding_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E38198: snmp_pdu_encode (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E32593: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== Uninitialised value was created by a heap allocation
==79003== at 0x4C246B0: malloc (in
/usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==79003== by 0x4E32548: ??? (in /usr/lib/libbsnmp.so.6)
==79003== by 0x4E300E0: snmp_dialog (in /usr/lib/libbsnmp.so.6)
==79003== by 0x402AAB: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4020DE: ??? (in /usr/bin/bsnmpwalk)
==79003== by 0x4022FFF: ???
I believe the value passed in via bsnmpwalk is tainted.. asn_put_objid is
dumping out information for an OID deemed to be len == 1.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list