[prev in list] [next in list] [prev in thread] [next in thread] 

List:       net-snmp-bugs
Subject:    [ net-snmp-Bugs-3555358 ] agent leaks memory when PDU request-id is zero
From:       SourceForge.net <noreply () sourceforge ! net>
Date:       2012-08-10 15:06:54
Message-ID: E1Szqng-00016m-JC () sfs-ml-4 ! v29 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Bugs item #3555358, was opened at 2012-08-08 08:03
Message generated for change (Comment added) made by fenner
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3555358&group_id=12694

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: agent
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Holger (holgersk)
Assigned to: Nobody/Anonymous (nobody)
Summary: agent leaks memory when PDU request-id is zero

Initial Comment:
Hi,

snmpd is leaking memory when receiving get or getnext requests where the PDU \
request-id is zero. This happens with NET-SNMP v5.4.4 and also with the latest \
v5.7.2pre3. I am using Linux (CentOS 5.8). I tested the agent with a modified version \
of the net-snmp get/getnext tools. I had to modify the tools because NET-SNMP \
normally skips a request ID of 0.

A related question: The memory leak was first noticed when using an SNMP manager \
which always uses a request-id of 0 for SNMP get/getnext requests. I had a look at \
RFC3416, which seems to be quite vague on what the request-id should be for an SNMP \
request. Is it a bug if a manager uses a request-id of 0 for every get/getnext?

Thanks,

Holger


----------------------------------------------------------------------

Comment By: Bill Fenner (fenner)
Date: 2012-08-10 08:06

Message:
https://sourceforge.net/tracker/index.php?func=detail&aid=2941811&group_id=12694&atid=312694


----------------------------------------------------------------------

Comment By: Holger (holgersk)
Date: 2012-08-10 07:54

Message:
Hi fenner,
I only change a local copy of reqid and it only gets changed just before
the response PDU gets freed. So the response PDU going back to the client
does contain the correct request-id.

I didn't manage to find a bug with ID 2941811

Thanks,

Holger

----------------------------------------------------------------------

Comment By: Bill Fenner (fenner)
Date: 2012-08-10 06:38

Message:
Does the changed request-id go into the response PDU?  Wouldn't a
well-behaving client then ignore it, since it would appear to be a response
to a different response?

I ran into a variation of this problem a few years ago, overloading the
request-id as a success/failure return.  See net-snmp bug 2941811, "snmpd
logs a non-error when sending response with req-id=0"; the fix was

-        if (!snmp_send(asp->session, asp->pdu)) {
+        if (!snmp_send(asp->session, asp->pdu) &&
+              asp->session->s_snmp_errno != SNMPERR_SUCCESS) {

so a similar fix may apply to your code path.


----------------------------------------------------------------------

Comment By: Holger (holgersk)
Date: 2012-08-09 08:12

Message:
It looks like a request-id of 0 is internally used for some error
indication.
For SNMP Gets or Sets the request-id can be 0, which then means that the
request-id of the response PDU will be 0.
The problem is that in _sess_async_send() the function snmp_free_pdu()
doesn't get called for the response PDU, if reqid is 0.
The attached patch fixes the problem for me.
It checks just before the PDU gets freed if the PDU is a response and the
request-id is 0. If so it changes reqid to something other than 0, so that
the response PDU gets freed. reqid is also used as the return value for
_sess_async_send(), where 0 would indicate an error.

Maybe one of the net-snmp coders can come up with a more elegant patch.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3555358&group_id=12694

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Net-snmp-bugs mailing list
Net-snmp-bugs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-bugs


[prev in list] [next in list] [prev in thread] [next in thread]