authorJun Kuriyama <kuriyama@FreeBSD.org>2007-11-14 05:45:24 +0000
committerJun Kuriyama <kuriyama@FreeBSD.org>2007-11-14 05:45:24 +0000
commitc81bd82f434db14ec182c689984e9a523eb0ccf3 (patch)
tree9e8d9177b977dffcb3135466e5fed4296469cf03 /net-mgmt/net-snmp53
parentFix build on FreeBSD 7 and later. (diff)
o Add a patch for CVE-2007-5846, and add an entry for vuxml.
Approved by: portmgr (marcus)
Notes
Notes: svn path=/head/; revision=202696
Diffstat (limited to 'net-mgmt/net-snmp53')
-rw-r--r--net-mgmt/net-snmp53/Makefile2
-rw-r--r--net-mgmt/net-snmp53/files/patch-CVE-2007-5846105
-rw-r--r--net-mgmt/net-snmp53/files/patch-CVE-2007-5846-agent_read_config.c15
3 files changed, 121 insertions, 1 deletions
diff --git a/net-mgmt/net-snmp53/Makefile b/net-mgmt/net-snmp53/Makefile
index f44730e35ad8..40675843b7a3 100644
--- a/net-mgmt/net-snmp53/Makefile
+++ b/net-mgmt/net-snmp53/Makefile
@@ -7,7 +7,7 @@
PORTNAME= snmp
PORTVERSION= 5.3.1
-PORTREVISION= 6
+PORTREVISION= 7
CATEGORIES= net-mgmt ipv6
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= net-snmp
diff --git a/net-mgmt/net-snmp53/files/patch-CVE-2007-5846 b/net-mgmt/net-snmp53/files/patch-CVE-2007-5846
new file mode 100644
index 000000000000..f3bc3e566731
--- /dev/null
+++ b/net-mgmt/net-snmp53/files/patch-CVE-2007-5846
@@ -0,0 +1,105 @@
+Index: man/snmpd.conf.5.def
+===================================================================
+--- man/snmpd.conf.5.def (revision 16338)
++++ man/snmpd.conf.5.def (working copy)
+@@ -71,6 +71,28 @@
+ .IP "leave_pidfile yes"
+ instructs the agent to not remove its pid file on shutdown. Equivalent to
+ specifying "-U" on the command line.
++.IP "maxGetbulkRepeats NUM"
++Sets the maximum number of responses allowed for a single variable in
++a getbulk request. Set to 0 to enable the default and set it to -1 to
++enable unlimited. Because memory is allocated ahead of time, sitting
++this to unlimited is not considered safe if your user population can
++not be trusted. A repeat number greater than this will be truncated
++to this value.
++.IP
++This is set by default to -1.
++.IP "maxGetbulkResponses NUM"
++Sets the maximum number of responses allowed for a getbulk request.
++This is set by default to 100. Set to 0 to enable the default and set
++it to -1 to enable unlimited. Because memory is allocated ahead of
++time, sitting this to unlimited is not considered safe if your user
++population can not be trusted.
++.IP
++In general, the total number of responses will not be allowed to
++exceed the maxGetbulkResponses number and the total number returned
++will be an integer multiple of the number of variables requested times
++the calculated number of repeats allow to fit below this number.
++.IP
++Also not that processing of maxGetbulkRepeats is handled first.
+ .SS SNMPv3 Configuration
+ SNMPv3 requires an SNMP agent to define a unique "engine ID"
+ in order to respond to SNMPv3 requests.
+Index: include/net-snmp/agent/ds_agent.h
+===================================================================
+--- include/net-snmp/agent/ds_agent.h (revision 16338)
++++ include/net-snmp/agent/ds_agent.h (working copy)
+@@ -59,5 +59,7 @@
+ #define NETSNMP_DS_AGENT_CACHE_TIMEOUT 10 /* default cache timeout */
+ #define NETSNMP_DS_AGENT_INTERNAL_VERSION 11 /* used by internal queries */
+ #define NETSNMP_DS_AGENT_INTERNAL_SECLEVEL 12 /* used by internal queries */
++#define NETSNMP_DS_AGENT_MAX_GETBULKREPEATS 13 /* max getbulk repeats */
++#define NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES 14 /* max getbulk respones */
+
+ #endif
+Index: agent/snmp_agent.c
+===================================================================
+--- agent/snmp_agent.c (revision 16338)
++++ agent/snmp_agent.c (working copy)
+@@ -2156,7 +2156,6 @@
+ * getbulk prep
+ */
+ int count = count_varbinds(asp->pdu->variables);
+-
+ if (asp->pdu->errstat < 0) {
+ asp->pdu->errstat = 0;
+ }
+@@ -2173,8 +2172,37 @@
+ r = 0;
+ asp->bulkcache = NULL;
+ } else {
++ int numresponses;
++ int maxbulk =
++ netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
++ NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
++ int maxresponses =
++ netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID,
++ NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES);
++
++ if (maxresponses == 0)
++ maxresponses = 100; /* more than reasonable default */
++
++ if (maxbulk == 0)
++ maxbulk = -1;
++
++ /* limit getbulk number of repeats to a configured size */
++ if (asp->pdu->errindex > maxbulk && maxbulk != -1) {
++ asp->pdu->errindex = maxbulk;
++ }
++
++ numresponses = asp->pdu->errindex * r;
++
++ /* limit getbulk number of getbulk responses to a configured size */
++ if (maxresponses != -1 && numresponses > maxresponses) {
++ /* attempt to truncate this */
++ asp->pdu->errindex = maxresponses/r;
++ numresponses = asp->pdu->errindex * r;
++ DEBUGMSGTL(("snmp_agent", "truncating number of getbulk repeats to %d\n", asp->pdu->errindex));
++ }
++
+ asp->bulkcache =
+- (netsnmp_variable_list **) malloc(asp->pdu->errindex * r *
++ (netsnmp_variable_list **) malloc(numresponses *
+ sizeof(struct
+ varbind_list *));
+ if (!asp->bulkcache) {
+@@ -2184,6 +2212,8 @@
+ }
+ DEBUGMSGTL(("snmp_agent", "GETBULK N = %d, M = %d, R = %d\n",
+ n, asp->pdu->errindex, r));
++ fprintf(stderr, "GETBULK N = %d, M = %d, R = %d\n",
++ n, asp->pdu->errindex, r);
+ }
+
+ /*
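Review bot: The bound check in the getbulk prep computes `numresponses = asp->pdu->errindex * r;` before comparing it with maxresponses, and since maxGetbulkRepeats defaults to unlimited (maxbulk 0 is turned into -1, so the preceding clamp is skipped) errindex is the request's max-repetitions unclamped, so the signed multiply can overflow; a wrapped value that lands at or below maxresponses passes the check and bulkcache is malloc'ed for that smaller count. Compare by division instead, e.g. `if (maxresponses != -1 && r > 0 && asp->pdu->errindex > maxresponses / r) asp->pdu->errindex = maxresponses / r;` and compute `numresponses` only after the clamp, which also avoids `maxresponses/r` if r can be 0 in this branch. The `fprintf(stderr, "GETBULK N = %d, M = %d, R = %d\n", ...)` added right after the DEBUGMSGTL looks like a leftover debugging line: it writes to stderr on every getbulk request regardless of debug settings and should be dropped. How r is derived and how bulkcache is consumed later lie outside this hunk, as does the rest of the enclosing function, so the consequence of a wrapped count is inferred rather than shown. The man-page text in the same hunk also has typos ("sitting this to unlimited" for "setting", "Also not that" for "note", "repeats allow to fit" for "allowed to fit").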
diff --git a/net-mgmt/net-snmp53/files/patch-CVE-2007-5846-agent_read_config.c b/net-mgmt/net-snmp53/files/patch-CVE-2007-5846-agent_read_config.c
new file mode 100644
index 000000000000..7400bec01409
--- /dev/null
+++ b/net-mgmt/net-snmp53/files/patch-CVE-2007-5846-agent_read_config.c
@@ -0,0 +1,15 @@
+--- agent/agent_read_config.c.orig 2006-04-21 07:15:41.000000000 +0900
++++ agent/agent_read_config.c 2007-11-14 07:49:18.676387454 +0900
+@@ -255,6 +255,12 @@
+ netsnmp_ds_register_config(ASN_BOOLEAN, app, "leave_pidfile",
+ NETSNMP_DS_APPLICATION_ID,
+ NETSNMP_DS_AGENT_LEAVE_PIDFILE);
++ netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkRepeats",
++ NETSNMP_DS_APPLICATION_ID,
++ NETSNMP_DS_AGENT_MAX_GETBULKREPEATS);
++ netsnmp_ds_register_config(ASN_INTEGER, app, "maxGetbulkResponses",
++ NETSNMP_DS_APPLICATION_ID,
++ NETSNMP_DS_AGENT_MAX_GETBULKRESPONSES);
+ netsnmp_init_handler_conf();
+
+ #include "agent_module_dot_conf.h"
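Review bot: Both new options are registered as plain ASN_INTEGER with no range validation, while the consumer in the snmp_agent.c patch only special-cases 0 and -1, so a configured value below -1 (e.g. `maxGetbulkResponses -5`) passes the `numresponses > maxresponses` test there and sets errindex to a negative quotient before the malloc size is derived from it. Rejecting values below -1 when the option is parsed, or clamping them in the getbulk code, would close that configuration footgun; snmpd.conf is normally operator-controlled, so the exposure is limited. The enclosing init function starts and ends outside this hunk.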