meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch - openbmc/openbmc - Gitiles

 From de36cf1ecbb13a9541ec5d43ce20ab5030861837 Mon Sep 17 00:00:00 2001
 From: Wes Hardaker <opensource@hardakers.net>
 Date: Thu, 23 Jul 2020 16:17:27 -0700
 Subject: [PATCH 1/1] make the extend mib read-only by default

 CVE: CVE-2020-15862
 Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205]

 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
 ---
  agent/mibgroup/agent/extend.c | 18 ++++++++++++------
  1 file changed, 12 insertions(+), 6 deletions(-)

 diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
 index 5f8cedc..38a6c50 100644
 --- a/agent/mibgroup/agent/extend.c
 +++ b/agent/mibgroup/agent/extend.c
 @@ -16,6 +16,12 @@
  #define SHELLCOMMAND 3
  #endif

 +/*  This mib is potentially dangerous to turn on by default, since it
 + *  allows arbitrary commands to be set by anyone with SNMP WRITE
 + *  access to the MIB table.  If all of your users are "root" level
 + *  users, then it may be safe to turn on. */
 +#define ENABLE_EXTEND_WRITE_ACCESS 0
 +
  netsnmp_feature_require(extract_table_row_data)
  netsnmp_feature_require(table_data_delete_table)
  #ifndef NETSNMP_NO_WRITE_SUPPORT
 @@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler          *handler,
           *
           **********/

 -#ifndef NETSNMP_NO_WRITE_SUPPORT
 +#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
          case MODE_SET_RESERVE1:
              /*
               * Validate the new assignments
 @@ -1068,7 +1074,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler          *handler,
                  }
              }
              break;
 -#endif /* !NETSNMP_NO_WRITE_SUPPORT */
 +#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */

          default:
              netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
 @@ -1076,7 +1082,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler          *handler,
          }
      }

 -#ifndef NETSNMP_NO_WRITE_SUPPORT
 +#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
      /*
       * If we're marking a given row as active,
       *  then we need to check that it's ready.
 @@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler          *handler,
              }
          }
      }
 -#endif /* !NETSNMP_NO_WRITE_SUPPORT */
 +#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */

      return SNMP_ERR_NOERROR;
  }
 @@ -1590,7 +1596,7 @@ fixExec2Error(int action,
      idx = name[name_len-1] -1;
      exten = &compatability_entries[ idx ];

 -#ifndef NETSNMP_NO_WRITE_SUPPORT
 +#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
      switch (action) {
      case MODE_SET_RESERVE1:
          if (var_val_type != ASN_INTEGER) {
 @@ -1611,7 +1617,7 @@ fixExec2Error(int action,
      case MODE_SET_COMMIT:
          netsnmp_cache_check_and_reload( exten->efix_entry->cache );
      }
 -#endif /* !NETSNMP_NO_WRITE_SUPPORT */
 +#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
      return SNMP_ERR_NOERROR;
  }
  #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
 --
 2.17.1
	From de36cf1ecbb13a9541ec5d43ce20ab5030861837 Mon Sep 17 00:00:00 2001
	From: Wes Hardaker <opensource@hardakers.net>
	Date: Thu, 23 Jul 2020 16:17:27 -0700
	Subject: [PATCH 1/1] make the extend mib read-only by default

	CVE: CVE-2020-15862
	Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205]

	Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
	---
	agent/mibgroup/agent/extend.c \| 18 ++++++++++++------
	1 file changed, 12 insertions(+), 6 deletions(-)

	diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
	index 5f8cedc..38a6c50 100644
	--- a/agent/mibgroup/agent/extend.c
	+++ b/agent/mibgroup/agent/extend.c
	@@ -16,6 +16,12 @@
	#define SHELLCOMMAND 3
	#endif

	+/* This mib is potentially dangerous to turn on by default, since it
	+ * allows arbitrary commands to be set by anyone with SNMP WRITE
	+ * access to the MIB table. If all of your users are "root" level
	+ * users, then it may be safe to turn on. */
	+#define ENABLE_EXTEND_WRITE_ACCESS 0
	+
	netsnmp_feature_require(extract_table_row_data)
	netsnmp_feature_require(table_data_delete_table)
	#ifndef NETSNMP_NO_WRITE_SUPPORT
	@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
	*
	**********/

	-#ifndef NETSNMP_NO_WRITE_SUPPORT
	+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
	case MODE_SET_RESERVE1:
	/*
	* Validate the new assignments
	@@ -1068,7 +1074,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
	}
	}
	break;
	-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
	+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */

	default:
	netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
	@@ -1076,7 +1082,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
	}
	}

	-#ifndef NETSNMP_NO_WRITE_SUPPORT
	+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
	/*
	* If we're marking a given row as active,
	* then we need to check that it's ready.
	@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
	}
	}
	}
	-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
	+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */

	return SNMP_ERR_NOERROR;
	}
	@@ -1590,7 +1596,7 @@ fixExec2Error(int action,
	idx = name[name_len-1] -1;
	exten = &compatability_entries[ idx ];

	-#ifndef NETSNMP_NO_WRITE_SUPPORT
	+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
	switch (action) {
	case MODE_SET_RESERVE1:
	if (var_val_type != ASN_INTEGER) {
	@@ -1611,7 +1617,7 @@ fixExec2Error(int action,
	case MODE_SET_COMMIT:
	netsnmp_cache_check_and_reload( exten->efix_entry->cache );
	}
	-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
	+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
	return SNMP_ERR_NOERROR;
	}
	#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
	--
	2.17.1