Vulnerability Development mailing list archives

Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification


From: KF <dotslash () snosoft com>
Date: Mon, 18 Feb 2002 07:58:27 -0500

I am using -o with snmptrapd to send output to file... no other options.

[root@linuxppc root]# rpm -qa | grep glibc-2
glibc-2.2.4-16mdk

Here is an example
[root@linuxppc testcases-KEEP-ucd-snmp-4.2.2]# cat  00006267.core.gdb
Core was generated by `/root/SNMP/sbin/snmptrapd -o /tmp/snmptrapd.log'.
Program terminated with signal 11, Segmentation fault.
#0  0x0fe19090 in strlen () from /lib/libc.so.6
721
722     #ifdef notused
723         in_addr_t myaddr;
724         oid src[MAX_OID_LEN], dst[MAX_OID_LEN], context[MAX_OID_LEN];
725         int srclen, dstlen, contextlen;
726         char ctmp[300];
727     #endif
728
729 /* register our configuration handlers now so -H properly displays them */
730         register_config_handler("snmptrapd", "traphandle",
#0  0x0fe19090 in strlen () from /lib/libc.so.6
#1  0x0fde8bfc in vfprintf () from /lib/libc.so.6

Here's another example...

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0fe19090 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x0fe19090 in strlen () from /lib/libc.so.6
#1  0x0fde8bfc in vfprintf () from /lib/libc.so.6
#2  0x0fe09220 in vsnprintf () from /lib/libc.so.6
#3  0x100355a0 in snmp_vlog (priority=6, format=0x100434c0 "%s%s",
  ap=0x7fffcf90) at snmp_logging.c:251
#4  0x10035684 in snmp_log (priority=32896,
  format=0x8080 <Address 0x8080 out of bounds>) at snmp_logging.c:278
#5  0x100020ac in snmp_input (op=32896, session=0x1008889c, reqid=0,
  pdu=0x100887f0, magic=0x7f7f0000) at snmptrapd.c:471
#6  0x10028be0 in _sess_read (sessp=0x100859c0, fdset=0x8080)
  at snmp_api.c:4268
#7  0x10028c68 in snmp_sess_read (sessp=0x100859c0, fdset=0x8080)
  at snmp_api.c:4291
#8  0x100282a4 in snmp_read (fdset=0x7ffff6d0) at snmp_api.c:3943
#9  0x10003348 in main (argc=268828672, argv=0x10060000) at snmptrapd.c:1030
#10 0x0fdb5b90 in __libc_start_main () from /lib/libc.so.6


/home/root/misc/snmp/ucd-snmp-4.2.2/snmplib/snmp_logging.c:#define LOGLENGTH 1024
int
snmp_vlog (int priority, const char *format, va_list ap)
{
      char buffer[LOGLENGTH];
...
 vsnprintf(dynamic, length+1, format, ap);  <--- line 251
-KF


Wes Hardaker wrote:

On Mon, 18 Feb 2002 10:01:06 -0700, "Laurence Brockman" <laurence () fluxinc com> said:


Laurence> The copy of glibc I'm running is glibc-2.2.4. I've
Laurence> encountered the same problems as dotslash when using the
Laurence> following command: snmptrapd -f -n -P, where the key is the
Laurence> -P (Print out to stderr) I think.

Laurence> This is on an Intel running patched version of RedHat 7.2

I have a (patched) redhat7.2 system with glibc 2.2.4-19 and have tried
to reproduce the bug on it and simply can't.  It works just fine (both
4.2.2 and 4.2.3).

grrr....

(is it dying in the vsnprintf routine?)
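
Added example, not code from this thread or from ucd-snmp: the call at line 251 formats into a heap buffer sized length+1 with the caller's ap, which suggests (an assumption, since the lines before it are elided) that ap had already been consumed by an earlier sizing pass. In C a va_list that has been passed to a v*printf function is indeterminate afterwards, so a two-pass logger has to take a va_copy first. The names log_format_v and log_format are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOGLENGTH 1024  /* same value as the #define quoted in the post */

/* Hypothetical helper, not ucd-snmp code: try a fixed stack buffer first,
 * fall back to an exactly sized heap buffer. Caller frees the result. */
char *log_format_v(const char *format, va_list ap)
{
    char buffer[LOGLENGTH], *dynamic;
    va_list ap2;
    int length;
    if (format == NULL)
        return NULL;
    va_copy(ap2, ap);  /* pristine copy for the second pass */
    length = vsnprintf(buffer, sizeof buffer, format, ap);
    /* ap is indeterminate from here on; only ap2 may be formatted again */
    if (length < 0 || (dynamic = malloc((size_t)length + 1)) == NULL) {
        va_end(ap2);
        return NULL;
    }
    if (length < LOGLENGTH)
        memcpy(dynamic, buffer, (size_t)length + 1);
    else
        vsnprintf(dynamic, (size_t)length + 1, format, ap2);
    va_end(ap2);
    return dynamic;
}

char *log_format(const char *format, ...)
{
    va_list ap;
    char *out;
    va_start(ap, format);
    out = log_format_v(format, ap);
    va_end(ap);
    return out;
}

int main(void)
{
    /* Constructed input: 2000 bytes of padding force the heap path. */
    char *msg = log_format("%*d%s", 2000, 7, " coldStart");
    if (msg) printf("%zu bytes\n", strlen(msg));
    free(msg);
    return 0;
}
```

Without the va_copy, the second vsnprintf would read its arguments from an already-consumed ap whenever the message is LOGLENGTH bytes or longer; whether that appears to work depends on how the platform's ABI represents va_list.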



