net-snmpd crashes with "buffer overflow detected" while reading agentaddress

Solution Unverified - Updated -

Issue

  • snmpd segfault when 'agentaddress' configuration options is used and too many SIGHUP signals are received.

agentaddress example:

/etc/snmp/snmpd.conf
--------------------
agentaddress 20161
  • net-snmpd crashes with "buffer overflow detected" while reading agentaddress
Program terminated with signal 6, Aborted.
#0  0x00007fcff5ed58a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 db4-4.7.25-17.el6.x86_64 elfutils-libelf-0.152-1.el6.x86_64 libacl-2.2.49-6.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libgcc-4.4.6-4.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 nspr-4.9-1.el6.x86_64 nss-3.13.3-6.el6.x86_64 nss-util-3.13.3-2.el6.x86_64 sqlite-3.6.20-1.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
(gdb) bt
#0  0x00007fcff5ed58a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fcff5ed7085 in abort () at abort.c:92
#2  0x00007fcff5f12fe7 in __libc_message (do_abort=2, fmt=0x7fcff5ff9621 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007fcff5fa4d47 in __fortify_fail (msg=0x7fcff5ff95c7 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007fcff5fa2c30 in __chk_fail () at chk_fail.c:29
#5  0x00007fcff5fa2089 in _IO_str_chk_overflow (fp=0x815, c=2069) at vsprintf_chk.c:35
#6  0x00007fcff5f170e9 in _IO_default_xsputn (f=0x7fff666cc470, data=<value optimized out>, n=5) at genops.c:485
#7  0x00007fcff5eea566 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1603
#8  0x00007fcff5fa212d in ___vsprintf_chk (
    s=0x7fff666cc680 "20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20"..., flags=1, slen=2560, format=0x7fcff7b604be "%s,%s", args=0x7fff666cc5a0) at vsprintf_chk.c:87
#9  0x00007fcff5fa206f in ___sprintf_chk (s=<value optimized out>, flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>) at sprintf_chk.c:33
#10 0x00007fcff7b38158 in sprintf (token=<value optimized out>, cptr=0x7fff666cd50d "20161") at /usr/include/bits/stdio2.h:34
#11 snmpd_set_agent_address (token=<value optimized out>, cptr=0x7fff666cd50d "20161") at agent_read_config.c:189
#12 0x00007fcff5c1d201 in run_config_handler (lptr=0x7fcff8a12380, token=0x7fff666cd100 "agentaddress", cptr=0x7fff666cd50d "20161", when=<value optimized out>) at read_config.c:506
#13 0x00007fcff5c1d41e in read_config (filename=0x7fff666cda10 "/etc/snmp/snmpd.conf", line_handler=0x7fcff8a11530, when=0) at read_config.c:778
#14 0x00007fcff5c1dbd3 in read_config_files_in_path (path=<value optimized out>, ctmp=0x7fcff8a111d0, when=0, perspath=0x7fcff8b7ecd0 "/var/lib/net-snmp", persfile=0x0) at read_config.c:1106
#15 0x00007fcff5c1def3 in read_config_files (when=0) at read_config.c:1187
#16 0x00007fcff5c1e8e4 in read_configs () at read_config.c:849
#17 0x00007fcff7f95a14 in receive (argc=<value optimized out>, argv=<value optimized out>) at snmpd.c:1135
#18 main (argc=<value optimized out>, argv=<value optimized out>) at snmpd.c:1060
(gdb)

Environment

  • Red Hat Enterprise Linux 6
  • net-snmp

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content