Vulnerability Development mailing list archives

Re: UCD-4.2.2 snmptrapd verification


From: Olaf Kirch <okir () caldera de>
Date: Wed, 20 Feb 2002 10:18:32 +0100

On Tue, Feb 19, 2002 at 01:58:26PM -0500, KF wrote:
> Olaf you are one of few that can duplicate this... can you tell us a
> little more about what you guys found? Is this caused by a specific
> version of libdb and do you know which one?

This is with the db implementation from sleepycat. At least version 3.3.11
has a db.1.85/PORT/linux/Makefile that adds an snprintf.o to libdb.a that
looks like this (removed a bunch of #ifdefs):

int
snprintf(char *str, size_t n, const char *fmt, ...)
{
        va_list ap;
        int rval;

        va_start(ap, fmt);
        rval = vsprintf(str, fmt, ap);
        va_end(ap);
        return (rval);
}

They have an equally glorious vsnprintf implementation in the same file.
Took me a while to hunt this down.

ar t /usr/lib/libdb.a is your friend :)

> Was the box you were on
> intel based or PowerPC based? Wes from NAI could only duplicate this on
> an "old" PowerPC box. I also run PowerPC, an intel box to throw in the
> mix would perhaps make this more interesting?

Those were Intel boxes, but at least the bug we've been seeing was
not architecture specific. If you're seeing the bug only on a PowerPC,
my guess would be that it has a slightly older libdb, or your vendor
(RedHat?) released a security patch for IA32 but not the PPC. I can't
speak for RedHat, but at least for OpenLinux, releases for another
architecture (those few releases that we did so far) were always slightly
different from the Intel one, despite having the same version number.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.            
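
A runtime probe for the problem described in the message above, added here as an example and not part of the original post or of the Berkeley DB sources: it tells a size-honouring snprintf from a replacement that forwards to vsprintf. The names snprintf_fn, unbounded_snprintf and honours_size_limit are hypothetical; unbounded_snprintf repeats the logic of the quoted function under a different name so it does not shadow libc.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Signature shared by snprintf and any replacement that shadows it. */
typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Same logic as the replacement quoted in the message, renamed
 * (hypothetical name) so it does not collide with libc: n is never used. */
int unbounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
        va_list ap;
        int rval;

        (void)n;
        va_start(ap, fmt);
        rval = vsprintf(str, fmt, ap);
        va_end(ap);
        return (rval);
}

/* Probe: return 1 if fn honours the size limit, 0 if it writes past it.
 * The real buffer is larger than the limit passed to fn, so an
 * unbounded write lands in guard bytes that we own and can inspect. */
int honours_size_limit(snprintf_fn fn)
{
        char buf[64];
        const size_t limit = 8;
        size_t i;

        memset(buf, 0x5a, sizeof(buf));
        fn(buf, limit, "%s", "0123456789abcdefghij");   /* 20 characters */

        if (buf[limit - 1] != '\0')     /* must be NUL-terminated in bounds */
                return 0;
        for (i = limit; i < sizeof(buf); i++)
                if (buf[i] != 0x5a)     /* guard byte overwritten */
                        return 0;
        return 1;
}

int main(void)
{
        printf("libc snprintf bounded: %d\n", honours_size_limit(snprintf));
        printf("quoted replacement:    %d\n",
               honours_size_limit(unbounded_snprintf));
        return 0;
}
```

Linking the probe the same way as the affected program (with the static libdb.a on the link line) shows which snprintf the linker actually picked.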

