net-snmpd crashes with "buffer overflow detected" while reading agentaddress

Solution Unverified - Updated -

Issue

  • snmpd segfaults when the 'agentaddress' configuration option is used and too many SIGHUP signals are received.

agentaddress example:

/etc/snmp/snmpd.conf
--------------------
agentaddress 20161

  • net-snmpd crashes with "buffer overflow detected" while reading agentaddress

Program terminated with signal 6, Aborted.
#0  0x00007fcff5ed58a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 db4-4.7.25-17.el6.x86_64 elfutils-libelf-0.152-1.el6.x86_64 libacl-2.2.49-6.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libgcc-4.4.6-4.el6.x86_64 libselinux-2.0.94-5.3.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 nspr-4.9-1.el6.x86_64 nss-3.13.3-6.el6.x86_64 nss-util-3.13.3-2.el6.x86_64 sqlite-3.6.20-1.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64
(gdb) bt
#0  0x00007fcff5ed58a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fcff5ed7085 in abort () at abort.c:92
#2  0x00007fcff5f12fe7 in __libc_message (do_abort=2, fmt=0x7fcff5ff9621 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007fcff5fa4d47 in __fortify_fail (msg=0x7fcff5ff95c7 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007fcff5fa2c30 in __chk_fail () at chk_fail.c:29
#5  0x00007fcff5fa2089 in _IO_str_chk_overflow (fp=0x815, c=2069) at vsprintf_chk.c:35
#6  0x00007fcff5f170e9 in _IO_default_xsputn (f=0x7fff666cc470, data=<value optimized out>, n=5) at genops.c:485
#7  0x00007fcff5eea566 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1603
#8  0x00007fcff5fa212d in ___vsprintf_chk (
    s=0x7fff666cc680 "20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20161,20"..., flags=1, slen=2560, format=0x7fcff7b604be "%s,%s", args=0x7fff666cc5a0) at vsprintf_chk.c:87
#9  0x00007fcff5fa206f in ___sprintf_chk (s=<value optimized out>, flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>) at sprintf_chk.c:33
#10 0x00007fcff7b38158 in sprintf (token=<value optimized out>, cptr=0x7fff666cd50d "20161") at /usr/include/bits/stdio2.h:34
#11 snmpd_set_agent_address (token=<value optimized out>, cptr=0x7fff666cd50d "20161") at agent_read_config.c:189
#12 0x00007fcff5c1d201 in run_config_handler (lptr=0x7fcff8a12380, token=0x7fff666cd100 "agentaddress", cptr=0x7fff666cd50d "20161", when=<value optimized out>) at read_config.c:506
#13 0x00007fcff5c1d41e in read_config (filename=0x7fff666cda10 "/etc/snmp/snmpd.conf", line_handler=0x7fcff8a11530, when=0) at read_config.c:778
#14 0x00007fcff5c1dbd3 in read_config_files_in_path (path=<value optimized out>, ctmp=0x7fcff8a111d0, when=0, perspath=0x7fcff8b7ecd0 "/var/lib/net-snmp", persfile=0x0) at read_config.c:1106
#15 0x00007fcff5c1def3 in read_config_files (when=0) at read_config.c:1187
#16 0x00007fcff5c1e8e4 in read_configs () at read_config.c:849
#17 0x00007fcff7f95a14 in receive (argc=<value optimized out>, argv=<value optimized out>) at snmpd.c:1135
#18 main (argc=<value optimized out>, argv=<value optimized out>) at snmpd.c:1060
(gdb) 
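
Frame #8 of the backtrace shows sprintf with format "%s,%s" writing into a 2560-byte destination that already holds one "20161" entry per configuration re-read. The following C sketch is an added example, not net-snmp code and not the fix from this solution: it models that accumulation with a bounded append and a reset before each re-read. The names append_agent_address, reset_agent_addresses, reloads_until_full and agent_addrs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define ADDR_BUF 2560            /* slen=2560 in frame #8 of the backtrace */

/* Hypothetical stand-in for the handler's accumulated address list. */
static char agent_addrs[ADDR_BUF];

/* Bounded append: returns 0 on success, -1 if "old,new" would not fit.
 * On failure the buffer is left unchanged instead of being overrun. */
int append_agent_address(const char *addr)
{
    size_t used = strlen(agent_addrs);
    int n = snprintf(agent_addrs + used, sizeof(agent_addrs) - used,
                     "%s%s", used ? "," : "", addr);
    if (n < 0 || (size_t)n >= sizeof(agent_addrs) - used) {
        agent_addrs[used] = '\0';   /* roll back the truncated write */
        return -1;
    }
    return 0;
}

/* Call before each configuration re-read (for example on SIGHUP) so that
 * addresses from the previous pass are not carried into the next one. */
void reset_agent_addresses(void) { agent_addrs[0] = '\0'; }

/* Count how many re-reads of "agentaddress <addr>" fit when the list is
 * never reset, which is the condition the Issue section describes. */
int reloads_until_full(const char *addr)
{
    int reloads = 0;
    reset_agent_addresses();
    while (append_agent_address(addr) == 0)
        reloads++;
    return reloads;
}

int main(void)
{
    printf("reloads that fit without reset: %d\n", reloads_until_full("20161"));
    for (int i = 0; i < 1000; i++) {        /* 1000 simulated SIGHUPs */
        reset_agent_addresses();
        if (append_agent_address("20161") != 0)
            return 1;
    }
    printf("after 1000 reloads with reset: \"%s\"\n", agent_addrs);
    return 0;
}
```

With the sample value from snmpd.conf above, the unreset list fills the 2560-byte buffer after 426 re-reads; the bounded version refuses the next append, where the unbounded sprintf in the backtrace is aborted by the fortify check.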

Environment

  • Red Hat Enterprise Linux 6
  • net-snmp
