Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
net-snmp.23230
net-snmp-5.7.3-build-with-openssl-1.1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File net-snmp-5.7.3-build-with-openssl-1.1.patch of Package net-snmp.23230
From 392e006fc5c64a74ec080b090d02a2d29340494c Mon Sep 17 00:00:00 2001 From: Daniel Molkentin <daniel.molkentin@suse.com> Date: Wed, 22 Mar 2017 14:49:06 +0100 Subject: [PATCH] Backport several fixes from upstream's V5-7-patches branch. Initial support for OpenSSL 1.1 API changes. A slightly modified version from patch 1336, updated to work if you have LibreSSL. There is more work needed to handle TLSTCP and DTLSUDP transports. Thanks to Sharmila Podury. OpenSSL 1.1 fixes for SNMP-USM-DH-OBJECTS-MIB implementation. openssl 1.1.0: Fix several build errors Autodetect DH_get0_pqg() and DH_get0_key() to unbreak the MinGW build. In recent versions of openssl several data structures have been made opaque that were not opaque before. Avoid that attempts to access members of these opaque data structures cause the build to fail. MIBs: Use strlcpy() instead of strcpy() to copy a variable-length string into a fixed-size array apps/snmpusm: Only provide a DH_get0_key() replacement if openssl is available --- agent/mibgroup/disman/event/mteEvent.c | 6 +- agent/mibgroup/disman/event/mteTriggerConf.c | 5 +- agent/mibgroup/disman/schedule/schedCore.c | 17 +-- agent/mibgroup/hardware/cpu/cpu.c | 2 +- agent/mibgroup/hardware/cpu/cpu_linux.c | 2 +- agent/mibgroup/hardware/cpu/cpu_pcp.c | 2 +- agent/mibgroup/hardware/cpu/cpu_sysinfo.c | 2 +- agent/mibgroup/hardware/sensors/hw_sensors.c | 2 +- agent/mibgroup/host/hr_disk.c | 3 +- agent/mibgroup/host/hr_network.c | 2 +- agent/mibgroup/host/hr_swrun.c | 34 +++--- agent/mibgroup/mibII/mta_sendmail.c | 4 +- agent/mibgroup/mibII/system_mib.c | 2 +- agent/mibgroup/mibII/vacm_conf.c | 13 ++- .../usmDHParameters/usmDHParameters.c | 39 ++++++- .../usmDHUserKeyTable/usmDHUserKeyTable_data_get.c | 67 +++++++++++- agent/mibgroup/target/snmpTargetParamsEntry.c | 3 +- agent/mibgroup/ucd-snmp/logmatch.c | 5 +- agent/mibgroup/ucd-snmp/proc.c | 2 +- agent/mibgroup/util_funcs.c | 2 +- agent/mibgroup/util_funcs/get_pid_from_inode.c | 4 +- apps/snmpusm.c | 51 +++++++-- configure | 115 ++++++++++++++++++++- configure.d/config_os_libs2 | 29 +++++- include/net-snmp/net-snmp-config.h.in | 21 ++++ snmplib/keytools.c | 8 +- snmplib/scapi.c | 8 +- snmplib/snmp_openssl.c | 36 +++++-- snmplib/vacm.c | 20 ++-- win32/net-snmp/net-snmp-config.h | 15 +++ win32/net-snmp/net-snmp-config.h.in | 15 +++ 31 files changed, 440 insertions(+), 96 deletions(-) diff --git a/agent/mibgroup/disman/event/mteEvent.c b/agent/mibgroup/disman/event/mteEvent.c index bc4ff0bfb..880520f22 100644 --- a/agent/mibgroup/disman/event/mteEvent.c +++ b/agent/mibgroup/disman/event/mteEvent.c @@ -76,9 +76,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size netsnmp_tdata_row *row; struct mteEvent *entry; - memset(ename, 0, sizeof(ename)); - ename[0] = '_'; - memcpy(ename+1, event, strlen(event)); + snprintf(ename, sizeof(ename), "_%s", event); row = mteEvent_createEntry( "_snmpd", ename, 1 ); if (!row || !row->data) @@ -89,7 +87,7 @@ _init_builtin_mteEvent( const char *event, const char *oname, oid *trapOID, size entry->mteNotification_len = trapOID_len; memcpy( entry->mteNotification, trapOID, trapOID_len*sizeof(oid)); memcpy( entry->mteNotifyOwner, "_snmpd", 6 ); - memcpy( entry->mteNotifyObjects, oname, strlen(oname)); + strlcpy(entry->mteNotifyObjects, oname, sizeof(entry->mteNotifyObjects)); entry->flags |= MTE_EVENT_FLAG_ENABLED| MTE_EVENT_FLAG_ACTIVE| MTE_EVENT_FLAG_VALID; diff --git a/agent/mibgroup/disman/event/mteTriggerConf.c b/agent/mibgroup/disman/event/mteTriggerConf.c index e7bb69b28..a0eaf2f3d 100644 --- a/agent/mibgroup/disman/event/mteTriggerConf.c +++ b/agent/mibgroup/disman/event/mteTriggerConf.c @@ -507,13 +507,12 @@ parse_mteMonitor(const char *token, const char *line) memcpy(oid_name_buf, buf, SPRINT_MAX_LEN); memset( buf, 0, SPRINT_MAX_LEN); cp = copy_nword_const(cp, buf, SPRINT_MAX_LEN); - value = strtol(buf, NULL, 0); + value = strtol(buf, NULL, 0); /* * ... then save the rest of the line for later. */ - memset( buf, 0, strlen(buf)); - memcpy( buf, cp, strlen(cp)); + strlcpy(buf, cp, sizeof(buf)); cp = NULL; /* To terminate the processing loop */ DEBUGMSGTL(("disman:event:conf", "%s: Thresh (%s, %ld, %s)\n", tname, oid_name_buf, value, buf)); diff --git a/agent/mibgroup/disman/schedule/schedCore.c b/agent/mibgroup/disman/schedule/schedCore.c index c3db34f20..9dcf63b12 100644 --- a/agent/mibgroup/disman/schedule/schedCore.c +++ b/agent/mibgroup/disman/schedule/schedCore.c @@ -454,6 +454,7 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) { struct schedTable_entry *entry; netsnmp_tdata_row *row; + int len; DEBUGMSGTL(("disman:schedule:entry", "creating entry (%s, %s)\n", schedOwner, schedName)); @@ -472,16 +473,20 @@ schedTable_createEntry(const char *schedOwner, const char *schedName) * data structure, and in the table_data helper. */ if (schedOwner) { - memcpy(entry->schedOwner, schedOwner, strlen(schedOwner)); - netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, - entry->schedOwner, strlen(schedOwner)); + len = strlen(schedOwner); + if (len > sizeof(entry->schedOwner)) + len = sizeof(entry->schedOwner); + memcpy(entry->schedOwner, schedOwner, len); + netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedOwner, len); } else netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, "", 0 ); - memcpy( entry->schedName, schedName, strlen(schedName)); - netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, - entry->schedName, strlen(schedName)); + len = strlen(schedName); + if (len > sizeof(entry->schedName)) + len = sizeof(entry->schedName); + memcpy(entry->schedName, schedName, len); + netsnmp_tdata_row_add_index(row, ASN_OCTET_STR, entry->schedName, len); /* * Set the (non-zero) default values in the row data structure. */ diff --git a/agent/mibgroup/hardware/cpu/cpu.c b/agent/mibgroup/hardware/cpu/cpu.c index 27720016d..80fef1853 100644 --- a/agent/mibgroup/hardware/cpu/cpu.c +++ b/agent/mibgroup/hardware/cpu/cpu.c @@ -148,7 +148,7 @@ netsnmp_cpu_info *netsnmp_cpu_get_byName( char *name, int create ) { return NULL; } - strcpy(cpu->name, name); + strlcpy(cpu->name, name, sizeof(cpu)); if ( _cpu_tail ) { cpu->idx = _cpu_tail->idx+1; _cpu_tail->next = cpu; diff --git a/agent/mibgroup/hardware/cpu/cpu_linux.c b/agent/mibgroup/hardware/cpu/cpu_linux.c index b1dc30832..b221afc55 100644 --- a/agent/mibgroup/hardware/cpu/cpu_linux.c +++ b/agent/mibgroup/hardware/cpu/cpu_linux.c @@ -72,7 +72,7 @@ void init_cpu_linux( void ) { #ifdef DESCR_FIELD if (!strncmp( buf, DESCR_FIELD, strlen(DESCR_FIELD))) { cp = strchr( buf, ':' ); - strcpy( cpu->descr, cp+2 ); + strlcpy(cpu->descr, cp + 2, sizeof(cpu->descr)); cp = strchr( cpu->descr, '\n' ); *cp = 0; } diff --git a/agent/mibgroup/hardware/cpu/cpu_pcp.c b/agent/mibgroup/hardware/cpu/cpu_pcp.c index 94c7b5cfa..62c0a0443 100644 --- a/agent/mibgroup/hardware/cpu/cpu_pcp.c +++ b/agent/mibgroup/hardware/cpu/cpu_pcp.c @@ -120,7 +120,7 @@ void init_cpu_pcp( void ) { for (i=0; i<cpu_num ; i++) { cpu = netsnmp_cpu_get_byIdx( i, 1 ); sprintf(tstr, "cpu%d",i); - strcpy(cpu->name, tstr); + strlcpy(cpu->name, tstr, sizeof(cpu->name)); strcpy(cpu->descr, "An electronic chip that makes the computer work"); } } diff --git a/agent/mibgroup/hardware/cpu/cpu_sysinfo.c b/agent/mibgroup/hardware/cpu/cpu_sysinfo.c index ed1f3579f..7b009a226 100644 --- a/agent/mibgroup/hardware/cpu/cpu_sysinfo.c +++ b/agent/mibgroup/hardware/cpu/cpu_sysinfo.c @@ -66,7 +66,7 @@ void init_cpu_sysinfo( void ) { cpu = netsnmp_cpu_get_byIdx(i, 1); sprintf(tstr, "cpu%d",i); - strcpy(cpu->name, tstr); + strlcpy(cpu->name, tstr, sizeof(cpu->name)); strcpy(cpu->descr, "Central Processing Unit"); } } diff --git a/agent/mibgroup/hardware/sensors/hw_sensors.c b/agent/mibgroup/hardware/sensors/hw_sensors.c index 1a0164553..a5341d0f9 100644 --- a/agent/mibgroup/hardware/sensors/hw_sensors.c +++ b/agent/mibgroup/hardware/sensors/hw_sensors.c @@ -168,7 +168,7 @@ sensor_by_name( const char *name, int create_type ) free(sp); return NULL; } - strcpy( sp->name, name ); + strlcpy(sp->name, name, sizeof(sp->name)); sp->type = create_type; /* * Set up the index value. diff --git a/agent/mibgroup/host/hr_disk.c b/agent/mibgroup/host/hr_disk.c index c4ac52f09..27629f673 100644 --- a/agent/mibgroup/host/hr_disk.c +++ b/agent/mibgroup/host/hr_disk.c @@ -407,7 +407,7 @@ parse_disk_config(const char *token, char *cptr) *p != '\0' && *p != '?' && *p != '*' && *p != '['; p++); c = *p; *p = '\0'; - d_str = (char *) malloc(strlen(name) + 1); + d_str = strdup(name); if (!d_str) { SNMP_FREE(d_new); SNMP_FREE(d_str); @@ -416,7 +416,6 @@ parse_disk_config(const char *token, char *cptr) config_perror("Out of memory"); return; } - strcpy(d_str, name); *p = c; di_curr->item_type = ITEM_STRING; di_curr->item_details = (void *) d_str; diff --git a/agent/mibgroup/host/hr_network.c b/agent/mibgroup/host/hr_network.c index 6cce58c8f..3036d9200 100644 --- a/agent/mibgroup/host/hr_network.c +++ b/agent/mibgroup/host/hr_network.c @@ -257,7 +257,7 @@ int HRN_index; void Save_HR_Network_Info(void) { - strcpy(HRN_savedName, HRN_name); + strlcpy(HRN_savedName, HRN_name, sizeof(HRN_savedName)); #if defined( USING_IF_MIB_IFTABLE_IFTABLE_DATA_ACCESS_MODULE ) HRN_savedFlags = HRN_ifnet->os_flags; HRN_savedErrors = HRN_ifnet->stats.ierrors + HRN_ifnet->stats.oerrors; diff --git a/agent/mibgroup/host/hr_swrun.c b/agent/mibgroup/host/hr_swrun.c index f40e99790..1fc9ae3e4 100644 --- a/agent/mibgroup/host/hr_swrun.c +++ b/agent/mibgroup/host/hr_swrun.c @@ -698,13 +698,13 @@ var_hrswrun(struct variable * vp, *cp = '\0'; #elif HAVE_KVM_GETPROCS #if defined(freebsd5) && __FreeBSD_version >= 500014 - strcpy(string, proc_table[LowProcIndex].ki_comm); + strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); #elif defined(dragonfly) && __DragonFly_version >= 190000 - strcpy(string, proc_table[LowProcIndex].kp_comm); + strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); #elif defined(openbsd5) - strcpy(string, proc_table[LowProcIndex].p_comm); + strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); #else - strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); + strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); #endif #elif defined(linux) if( (cp=get_proc_name_from_status(pid,buf,sizeof(buf))) == NULL ) { @@ -712,7 +712,7 @@ var_hrswrun(struct variable * vp, *var_len = strlen(string); return (u_char *) string; } - strcpy(string, cp); + strlcpy(string, cp, sizeof(string)); #elif defined(cygwin) /* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ if (lowproc.process_state & PID_EXITED || (lowproc.exitcode & ~0xffff)) @@ -721,7 +721,7 @@ var_hrswrun(struct variable * vp, cygwin_conv_to_posix_path(lowproc.progname, string); cp = strrchr(string, '/'); if (cp) - strcpy(string, cp + 1); + strlcpy(string, cp + 1, sizeof(string)); } else if (query == CW_GETPINFO_FULL) { DWORD n = lowproc.dwProcessId & 0xffff; HANDLE h = @@ -739,7 +739,7 @@ var_hrswrun(struct variable * vp, sizeof string)) { cp = strrchr(string, '\\'); if (cp) - strcpy(string, cp + 1); + strlcpy(string, cp + 1, sizeof(string)); } else strcpy(string, "*** unknown"); CloseHandle(h); @@ -795,7 +795,7 @@ var_hrswrun(struct variable * vp, #elif defined(solaris2) #ifdef _SLASH_PROC_METHOD_ if (proc_buf) - strcpy(string, proc_buf->pr_psargs); + strlcpy(string, proc_buf->pr_psargs, sizeof(string)); else sprintf(string, "<exited>"); cp = strchr(string, ' '); @@ -821,18 +821,18 @@ var_hrswrun(struct variable * vp, *cp = '\0'; #elif HAVE_KVM_GETPROCS #if defined(freebsd5) && __FreeBSD_version >= 500014 - strcpy(string, proc_table[LowProcIndex].ki_comm); + strlcpy(string, proc_table[LowProcIndex].ki_comm, sizeof(string)); #elif defined(dragonfly) && __DragonFly_version >= 190000 - strcpy(string, proc_table[LowProcIndex].kp_comm); + strlcpy(string, proc_table[LowProcIndex].kp_comm, sizeof(string)); #elif defined(openbsd5) - strcpy(string, proc_table[LowProcIndex].p_comm); + strlcpy(string, proc_table[LowProcIndex].p_comm, sizeof(string)); #else - strcpy(string, proc_table[LowProcIndex].kp_proc.p_comm); + strlcpy(string, proc_table[LowProcIndex].kp_proc.p_comm, sizeof(string)); #endif #elif defined(linux) cp = get_proc_name_from_cmdline(pid,buf,sizeof(buf)-1); if (cp != NULL && *cp) /* argv[0] '\0' argv[1] '\0' .... */ - strcpy(string, cp); + strlcpy(string, cp, sizeof(string)); else { /* * swapped out - no cmdline @@ -842,7 +842,7 @@ var_hrswrun(struct variable * vp, *var_len = strlen(string); return (u_char *) string; } - strcpy(string, cp); + strlcpy(string, cp, sizeof(string)); } #elif defined(cygwin) /* if (lowproc.process_state & (PID_ZOMBIE | PID_EXITED)) */ @@ -900,7 +900,7 @@ var_hrswrun(struct variable * vp, if (proc_buf) { cp = strchr(proc_buf->pr_psargs, ' '); if (cp) - strcpy(string, cp + 1); + strlcpy(string, cp + 1, sizeof(string)); else string[0] = 0; } else @@ -911,7 +911,7 @@ var_hrswrun(struct variable * vp, cp++; if (*cp == ' ') cp++; - strcpy(string, cp); + strlcpy(string, cp, sizeof(string)); #endif #elif defined(aix4) || defined(aix5) || defined(aix6) || defined(aix7) cp = strchr(proc_table[LowProcIndex].pi_comm, ' '); @@ -972,7 +972,7 @@ var_hrswrun(struct variable * vp, while (*cp) ++cp; ++cp; - strcpy(string, cp); + strlcpy(string, cp, sizeof(string)); #elif defined(cygwin) string[0] = 0; #else diff --git a/agent/mibgroup/mibII/mta_sendmail.c b/agent/mibgroup/mibII/mta_sendmail.c index c1edd079f..bcdf8fa14 100644 --- a/agent/mibgroup/mibII/mta_sendmail.c +++ b/agent/mibgroup/mibII/mta_sendmail.c @@ -586,7 +586,7 @@ add_queuegroup(const char *name, char *path) */ *p = '\0'; - strcpy(parentdir, path); + strlcpy(parentdir, path, sizeof(parentdir)); /* * remove last directory component from parentdir */ @@ -877,7 +877,7 @@ read_sendmailcf(BOOL config) linenr, sendmailcf_fn); break; } - strcpy(sendmailst_fn, line + 2); + strlcpy(sendmailst_fn, line + 2, sizeof(sendmailst_fn)); found_sendmailst = TRUE; DEBUGMSGTL(("mibII/mta_sendmail.c:read_sendmailcf", "found statatistics file \"%s\"\n", diff --git a/agent/mibgroup/mibII/system_mib.c b/agent/mibgroup/mibII/system_mib.c index 65b0b7c64..8010357e0 100644 --- a/agent/mibgroup/mibII/system_mib.c +++ b/agent/mibgroup/mibII/system_mib.c @@ -309,7 +309,7 @@ init_system_mib(void) if (RegQueryValueEx(hKey, "RegisteredOwner", NULL, NULL, (LPBYTE)registeredOwner, ®isteredOwnerSz) == ERROR_SUCCESS) { - strcpy(sysContact, registeredOwner); + strlcpy(sysContact, registeredOwner, sizeof(sysContact)); } RegCloseKey(hKey); } diff --git a/agent/mibgroup/mibII/vacm_conf.c b/agent/mibgroup/mibII/vacm_conf.c index f2faf8653..c56ed099d 100644 --- a/agent/mibgroup/mibII/vacm_conf.c +++ b/agent/mibgroup/mibII/vacm_conf.c @@ -480,7 +480,7 @@ vacm_parse_authaccess(const char *token, char *confline) for (i = 0; i <= VACM_MAX_VIEWS; i++) { if (viewtypes & (1 << i)) { - strcpy(ap->views[i], view); + strlcpy(ap->views[i], view, sizeof(ap->views[i])); } } ap->contextMatch = prefix; @@ -542,7 +542,7 @@ vacm_parse_setaccess(const char *token, char *param) return; } - strcpy(ap->views[viewnum], viewval); + strlcpy(ap->views[viewnum], viewval, sizeof(ap->views[viewnum])); ap->contextMatch = iprefix; ap->storageType = SNMP_STORAGE_PERMANENT; ap->status = SNMP_ROW_ACTIVE; @@ -598,9 +598,12 @@ vacm_parse_access(const char *token, char *param) config_perror("failed to create access entry"); return; } - strcpy(ap->views[VACM_VIEW_READ], readView); - strcpy(ap->views[VACM_VIEW_WRITE], writeView); - strcpy(ap->views[VACM_VIEW_NOTIFY], notify); + strlcpy(ap->views[VACM_VIEW_READ], readView, + sizeof(ap->views[VACM_VIEW_READ])); + strlcpy(ap->views[VACM_VIEW_WRITE], writeView, + sizeof(ap->views[VACM_VIEW_WRITE])); + strlcpy(ap->views[VACM_VIEW_NOTIFY], notify, + sizeof(ap->views[VACM_VIEW_NOTIFY])); ap->contextMatch = iprefix; ap->storageType = SNMP_STORAGE_PERMANENT; ap->status = SNMP_ROW_ACTIVE; diff --git a/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c b/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c index d28225d14..4e8388eab 100644 --- a/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c +++ b/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.c @@ -12,6 +12,38 @@ static DH *dh_params = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +static int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + /* If the fields p and g in d are NULL, the corresponding input + * parameters MUST be non-NULL. q may remain NULL. + */ + if ((dh->p == NULL && p == NULL) + || (dh->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; + } + + if (q != NULL) { + dh->length = BN_num_bits(q); + } + + return 1; +} +#endif + DH * get_dh_params(void) { @@ -22,6 +54,7 @@ get_dh_params(void) void init_usmDHParameters(void) { + BIGNUM *p, *g; static oid usmDHParameters_oid[] = { 1, 3, 6, 1, 3, 101, 1, 1, 1 }; @@ -38,9 +71,9 @@ init_usmDHParameters(void) management apps though */ if (!dh_params) { dh_params = DH_new(); - dh_params->g = BN_new(); - BN_hex2bn(&dh_params->g, "02"); - BN_hex2bn(&dh_params->p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); + BN_hex2bn(&g, "02"); + BN_hex2bn(&p, "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"); + DH_set0_pqg(dh_params, p, NULL, g); } } diff --git a/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c b/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c index 427d26f85..5fc9ca5d0 100644 --- a/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c +++ b/agent/mibgroup/snmp-usm-dh-objects-mib/usmDHUserKeyTable/usmDHUserKeyTable_data_get.c @@ -20,10 +20,64 @@ #include "usmDHUserKeyTable.h" #include "snmp-usm-dh-objects-mib/usmDHParameters/usmDHParameters.h" +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +static int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + /* If the fields p and g in d are NULL, the corresponding input + * parameters MUST be non-NULL. q may remain NULL. + */ + if ((dh->p == NULL && p == NULL) + || (dh->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; + } + + if (q != NULL) { + dh->length = BN_num_bits(q); + } + + return 1; +} + +static void +DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} + +static void +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} +#endif + DH * usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) { DH *dh, *dh_params; + const BIGNUM *g, *p; void **theptr; if (user == NULL) @@ -44,9 +98,10 @@ usmDHGetUserDHptr(struct usmUser *user, int for_auth_key) dh_params = get_dh_params(); if (!dh_params) return NULL; - dh->g = BN_dup(dh_params->g); - dh->p = BN_dup(dh_params->p); - if (!dh->g || !dh->p) + DH_get0_pqg(dh_params, &p, NULL, &g); + DH_set0_pqg(dh, BN_dup(p), NULL, BN_dup(g)); + DH_get0_pqg(dh, &p, NULL, &g); + if (!g || !p) return NULL; DH_generate_key(dh); *theptr = dh; @@ -61,6 +116,7 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, u_char **keyobj, size_t *keyobj_len) { DH *dh; + const BIGNUM *pub_key; dh = usmDHGetUserDHptr(user, for_auth_key); @@ -70,9 +126,10 @@ usmDHGetUserKeyChange(struct usmUser *user, int for_auth_key, return MFD_ERROR; } - *keyobj_len = BN_num_bytes(dh->pub_key); + DH_get0_key(dh, &pub_key, NULL); + *keyobj_len = BN_num_bytes(pub_key); *keyobj = malloc(*keyobj_len); - BN_bn2bin(dh->pub_key, *keyobj); + BN_bn2bin(pub_key, *keyobj); return MFD_SUCCESS; } diff --git a/agent/mibgroup/target/snmpTargetParamsEntry.c b/agent/mibgroup/target/snmpTargetParamsEntry.c index 4e1f4e2bb..1d29d0b20 100644 --- a/agent/mibgroup/target/snmpTargetParamsEntry.c +++ b/agent/mibgroup/target/snmpTargetParamsEntry.c @@ -686,8 +686,7 @@ var_snmpTargetParamsEntry(struct variable * vp, /* * including null character. */ - memcpy(string, temp_struct->secName, strlen(temp_struct->secName)); - string[strlen(temp_struct->secName)] = '\0'; + strlcpy((char *)string, temp_struct->secName, sizeof(string)); *var_len = strlen(temp_struct->secName); return (unsigned char *) string; diff --git a/agent/mibgroup/ucd-snmp/logmatch.c b/agent/mibgroup/ucd-snmp/logmatch.c index 83b4e4aa7..1b77bf698 100644 --- a/agent/mibgroup/ucd-snmp/logmatch.c +++ b/agent/mibgroup/ucd-snmp/logmatch.c @@ -393,8 +393,9 @@ logmatch_parse_config(const char *token, char *cptr) logmatchTable[logmatchCount].regEx); /* fill in filename with initial data */ - strcpy(logmatchTable[logmatchCount].filename, - logmatchTable[logmatchCount].filenamePattern); + strlcpy(logmatchTable[logmatchCount].filename, + logmatchTable[logmatchCount].filenamePattern, + sizeof(logmatchTable[logmatchCount].filename)); logmatch_update_filename(logmatchTable[logmatchCount].filenamePattern, logmatchTable[logmatchCount].filename); diff --git a/agent/mibgroup/ucd-snmp/proc.c b/agent/mibgroup/ucd-snmp/proc.c index e90c2e8e3..874c2400a 100644 --- a/agent/mibgroup/ucd-snmp/proc.c +++ b/agent/mibgroup/ucd-snmp/proc.c @@ -168,7 +168,7 @@ procfix_parse_config(const char *token, char *cptr) return; } - strcpy(procp->fixcmd, cptr); + strlcpy(procp->fixcmd, cptr, sizeof(procp->fixcmd)); } diff --git a/agent/mibgroup/util_funcs.c b/agent/mibgroup/util_funcs.c index 54068c6e7..ac265bf97 100644 --- a/agent/mibgroup/util_funcs.c +++ b/agent/mibgroup/util_funcs.c @@ -258,7 +258,7 @@ get_exec_output(struct extensible *ex) curtime = time(NULL); if (curtime > (cachetime + NETSNMP_EXCACHETIME) || strcmp(ex->command, lastcmd) != 0) { - strcpy(lastcmd, ex->command); + strlcpy(lastcmd, ex->command, sizeof(lastcmd)); cachetime = curtime; #endif diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c index 8e157ae9f..aee907dd0 100644 --- a/agent/mibgroup/util_funcs/get_pid_from_inode.c +++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c @@ -2,6 +2,7 @@ #include "get_pid_from_inode.h" +#include <net-snmp/library/system.h> /* strlcpy() */ #include <net-snmp/output_api.h> #include <ctype.h> @@ -144,7 +145,8 @@ netsnmp_get_pid_from_inode_init(void) if (filelen + strlen(pidinfo->d_name) > PATH_MAX) continue; - strcpy(path_name + filelen, pidinfo->d_name); + strlcpy(path_name + filelen, pidinfo->d_name, + sizeof(path_name) - filelen); /* The file discriptor is a symbolic link to a socket or a file.*/ /* Thus read the symbolic link.*/ diff --git a/apps/snmpusm.c b/apps/snmpusm.c index 42919bde4..5dd114748 100644 --- a/apps/snmpusm.c +++ b/apps/snmpusm.c @@ -125,6 +125,39 @@ char *usmUserPublic_val = NULL; int docreateandwait = 0; +#if !defined(HAVE_DH_GET0_PQG) + +#include <string.h> +#include <openssl/dh.h> + +void DH_get0_pqg(const DH *dh, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} + +#endif + +#if defined(HAVE_OPENSSL_DH_H) && !defined(HAVE_DH_GET0_KEY) + +#include <string.h> +#include <openssl/dh.h> + +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} + +#endif + void usage(void) { @@ -190,7 +223,7 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, oid *keyoid, size_t keyoid_len) { u_char *dhkeychange; DH *dh; - BIGNUM *other_pub; + BIGNUM *p, *g, *pub_key, *other_pub; u_char *key; size_t key_len; @@ -205,25 +238,29 @@ get_USM_DH_key(netsnmp_variable_list *vars, netsnmp_variable_list *dhvar, dh = d2i_DHparams(NULL, &cp, dhvar->val_len); } - if (!dh || !dh->g || !dh->p) { + if (dh) + DH_get0_pqg(dh, &p, NULL, &g); + + if (!dh || !g || !p) { SNMP_FREE(dhkeychange); return SNMPERR_GENERR; } - DH_generate_key(dh); - if (!dh->pub_key) { + if (!DH_generate_key(dh)) { SNMP_FREE(dhkeychange); return SNMPERR_GENERR; } - if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { + DH_get0_key(dh, &pub_key, NULL); + + if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { SNMP_FREE(dhkeychange); fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", - (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); + (unsigned long)vars->val_len, BN_num_bytes(pub_key)); return SNMPERR_GENERR; } - BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); + BN_bn2bin(pub_key, dhkeychange + vars->val_len); key_len = DH_size(dh); if (!key_len) { diff --git a/configure b/configure index 433ba5ba2..d7e6bbc64 100755 --- a/configure +++ b/configure @@ -23186,13 +23186,76 @@ eval ac_res=\$$as_ac_Lib $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : -$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h +$as_echo "#define HAVE_EVP_MD_CTX_CREATE 1" >>confdefs.h -$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h +$as_echo "#define HAVE_EVP_MD_CTX_DESTROY 1" >>confdefs.h fi + + as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 +$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l${CRYPTO} $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char EVP_MD_CTX_new (); +int +main () +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + +$as_echo "#define HAVE_EVP_MD_CTX_NEW 1" >>confdefs.h + + +$as_echo "#define HAVE_EVP_MD_CTX_FREE 1" >>confdefs.h + +fi + + save_LIBS=$LIBS + LIBS="$LIBS -l${CRYPTO}" + for ac_func in DH_get0_pqg DH_get0_key X509_NAME_ENTRY_get_data X509_NAME_ENTRY_get_object X509_get_signature_nid +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + LIBS=$save_LIBS fi if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DTLSv1_method in -lssl" >&5 @@ -23249,7 +23312,7 @@ if ${ac_cv_lib_ssl_SSL_library_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" +LIBS="-lssl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -23283,11 +23346,55 @@ if test "x$ac_cv_lib_ssl_SSL_library_init" = xyes; then : $as_echo "#define HAVE_LIBSSL 1" >>confdefs.h +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL_init_ssl in -lssl" >&5 +$as_echo_n "checking for OPENSSL_init_ssl in -lssl... " >&6; } +if ${ac_cv_lib_ssl_OPENSSL_init_ssl+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char OPENSSL_init_ssl (); +int +main () +{ +return OPENSSL_init_ssl (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_ssl_OPENSSL_init_ssl=yes +else + ac_cv_lib_ssl_OPENSSL_init_ssl=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_OPENSSL_init_ssl" >&5 +$as_echo "$ac_cv_lib_ssl_OPENSSL_init_ssl" >&6; } +if test "x$ac_cv_lib_ssl_OPENSSL_init_ssl" = xyes; then : + +$as_echo "#define HAVE_LIBSSL 1" >>confdefs.h + +fi + + if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then LIBCRYPTO=" -lssl $LIBCRYPTO" else as_fn_error $? "The DTLS based transports require the libssl library from OpenSSL to be available" "$LINENO" 5 fi - TLSPROG=yes fi if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then diff --git a/configure.d/config_os_libs2 b/configure.d/config_os_libs2 index 47491e24c..913457522 100644 --- a/configure.d/config_os_libs2 +++ b/configure.d/config_os_libs2 @@ -293,10 +293,23 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then [Define to 1 if you have the `AES_cfb128_encrypt' function.])) AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, - AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], + AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1], [Define to 1 if you have the `EVP_MD_CTX_create' function.]) - AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], + AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1], [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) + + AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, + AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], + [Define to 1 if you have the `EVP_MD_CTX_new' function.]) + AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], + [Define to 1 if you have the `EVP_MD_CTX_free' function.])) + save_LIBS=$LIBS + LIBS="$LIBS -l${CRYPTO}" + AC_CHECK_FUNCS([DH_get0_pqg DH_get0_key ] dnl + [X509_NAME_ENTRY_get_data ] dnl + [X509_NAME_ENTRY_get_object] dnl + [X509_get_signature_nid]) + LIBS=$save_LIBS fi if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then AC_CHECK_LIB(ssl, DTLSv1_method, @@ -309,9 +322,15 @@ if test "x$tryopenssl" != "xno" -a "x$tryopenssl" != "xinternal"; then if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then AC_CHECK_LIB(ssl, SSL_library_init, AC_DEFINE(HAVE_LIBSSL, 1, - [Define to 1 if you have the `ssl' library (-lssl).]) - LIBCRYPTO=" -lssl $LIBCRYPTO", - AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) ,-lcrypto) + [Define to 1 if you have the `ssl' library (-lssl).])) + AC_CHECK_LIB(ssl, OPENSSL_init_ssl, + AC_DEFINE(HAVE_LIBSSL, 1, + [Define to 1 if you have the `ssl' library (-lssl).])) + if test "$ac_cv_lib_ssl_SSL_library_init" = yes -o "$ac_cv_lib_ssl_OPENSSL_init_ssl" = yes; then + LIBCRYPTO=" -lssl $LIBCRYPTO" + else + AC_MSG_ERROR([The DTLS based transports require the libssl library from OpenSSL to be available]) + fi TLSPROG=yes fi if echo " $transport_result_list " | $GREP " SSH " > /dev/null; then diff --git a/include/net-snmp/net-snmp-config.h.in b/include/net-snmp/net-snmp-config.h.in index 1db02379b..70389cd97 100644 --- a/include/net-snmp/net-snmp-config.h.in +++ b/include/net-snmp/net-snmp-config.h.in @@ -124,6 +124,12 @@ /* define if you have devstat_getdevs() */ #undef HAVE_DEVSTAT_GETDEVS +/* Define to 1 if you have the `DH_get0_key' function. */ +#undef HAVE_DH_GET0_KEY + +/* Define to 1 if you have the `DH_get0_pqg' function. */ +#undef HAVE_DH_GET0_PQG + /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H @@ -155,6 +161,12 @@ /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ #undef HAVE_EVP_MD_CTX_DESTROY +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#undef HAVE_EVP_MD_CTX_FREE + +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#undef HAVE_EVP_MD_CTX_NEW + /* Define if you have EVP_sha224/256 in openssl */ #undef HAVE_EVP_SHA224 @@ -1298,6 +1310,15 @@ /* Define to 1 if you have the <ws2tcpip.h> header file. */ #undef HAVE_WS2TCPIP_H +/* Define to 1 if you have the `X509_get_signature_nid' function. */ +#undef HAVE_X509_GET_SIGNATURE_NID + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ +#undef HAVE_X509_NAME_ENTRY_GET_DATA + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ +#undef HAVE_X509_NAME_ENTRY_GET_OBJECT + /* Define to 1 if you have the <xti.h> header file. */ #undef HAVE_XTI_H diff --git a/snmplib/keytools.c b/snmplib/keytools.c index 0ccb3a673..0db988810 100644 --- a/snmplib/keytools.c +++ b/snmplib/keytools.c @@ -149,7 +149,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, */ #ifdef NETSNMP_USE_OPENSSL -#ifdef HAVE_EVP_MD_CTX_CREATE +#ifdef HAVE_EVP_MD_CTX_NEW + ctx = EVP_MD_CTX_new(); +#elif HAVE_EVP_MD_CTX_CREATE ctx = EVP_MD_CTX_create(); #else ctx = malloc(sizeof(*ctx)); @@ -259,7 +261,9 @@ generate_Ku(const oid * hashtype, u_int hashtype_len, memset(buf, 0, sizeof(buf)); #ifdef NETSNMP_USE_OPENSSL if (ctx) { -#ifdef HAVE_EVP_MD_CTX_DESTROY +#ifdef HAVE_EVP_MD_CTX_FREE + EVP_MD_CTX_free(ctx); +#elif HAVE_EVP_MD_CTX_DESTROY EVP_MD_CTX_destroy(ctx); #else EVP_MD_CTX_cleanup(ctx); diff --git a/snmplib/scapi.c b/snmplib/scapi.c index 16ac8296f..6693a623c 100644 --- a/snmplib/scapi.c +++ b/snmplib/scapi.c @@ -486,7 +486,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, } /** initialize the pointer */ -#ifdef HAVE_EVP_MD_CTX_CREATE +#ifdef HAVE_EVP_MD_CTX_NEW + cptr = EVP_MD_CTX_new(); +#elif HAVE_EVP_MD_CTX_CREATE cptr = EVP_MD_CTX_create(); #else cptr = malloc(sizeof(*cptr)); @@ -507,7 +509,9 @@ sc_hash(const oid * hashtype, size_t hashtypelen, const u_char * buf, /** do the final pass */ EVP_DigestFinal(cptr, MAC, &tmp_len); *MAC_len = tmp_len; -#ifdef HAVE_EVP_MD_CTX_DESTROY +#ifdef HAVE_EVP_MD_CTX_FREE + EVP_MD_CTX_free(cptr); +#elif HAVE_EVP_MD_CTX_DESTROY EVP_MD_CTX_destroy(cptr); #else #if !defined(OLD_DES) diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c index 3b0eaa837..2337446d0 100644 --- a/snmplib/snmp_openssl.c +++ b/snmplib/snmp_openssl.c @@ -141,6 +141,28 @@ netsnmp_openssl_cert_get_commonName(X509 *ocert, char **buf, int *len) } #ifndef NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES + +#ifndef HAVE_X509_NAME_ENTRY_GET_DATA +static ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) +{ + return ne ? ne->value : NULL; +} +#endif + +#ifndef HAVE_X509_NAME_ENTRY_GET_OBJECT +static ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) +{ + return ne ? ne->object : NULL; +} +#endif + +#ifndef HAVE_X509_GET_SIGNATURE_NID +static int X509_get_signature_nid(const X509 *x) +{ + return OBJ_obj2nid(x->sig_alg->algorithm); +} +#endif + /** netsnmp_openssl_cert_dump_name: dump subject names in cert */ void @@ -148,6 +170,7 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) { int i, onid; X509_NAME_ENTRY *oname_entry; + ASN1_STRING *oname_value; X509_NAME *osubj_name; const char *prefix_short, *prefix_long; @@ -163,12 +186,13 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) for (i = 0; i < X509_NAME_entry_count(osubj_name); i++) { oname_entry = X509_NAME_get_entry(osubj_name, i); netsnmp_assert(NULL != oname_entry); + oname_value = X509_NAME_ENTRY_get_data(oname_entry); - if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) + if (oname_value->type != V_ASN1_PRINTABLESTRING) continue; /** get NID */ - onid = OBJ_obj2nid(oname_entry->object); + onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); if (onid == NID_undef) { prefix_long = prefix_short = "UNKNOWN"; } @@ -179,9 +203,9 @@ netsnmp_openssl_cert_dump_names(X509 *ocert) DEBUGMSGT(("9:cert:dump:names", "[%02d] NID type %d, ASN type %d\n", i, onid, - oname_entry->value->type)); + oname_value->type)); DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, - prefix_short, ASN1_STRING_data(oname_entry->value))); + prefix_short, ASN1_STRING_data(oname_value))); } } #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ @@ -470,7 +494,7 @@ netsnmp_openssl_cert_get_hash_type(X509 *ocert) if (NULL == ocert) return 0; - return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); + return _nid2ht(X509_get_signature_nid(ocert)); } /** @@ -487,7 +511,7 @@ netsnmp_openssl_cert_get_fingerprint(X509 *ocert, int alg) if (NULL == ocert) return NULL; - nid = OBJ_obj2nid(ocert->sig_alg->algorithm); + nid = X509_get_signature_nid(ocert); DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, _nid2ht(nid))); diff --git a/snmplib/vacm.c b/snmplib/vacm.c index c6397855a..bce0186c7 100644 --- a/snmplib/vacm.c +++ b/snmplib/vacm.c @@ -54,6 +54,7 @@ #include <net-snmp/config_api.h> #include <net-snmp/library/snmp_api.h> +#include <net-snmp/library/system.h> /* strlcpy() */ #include <net-snmp/library/tools.h> #include <net-snmp/library/vacm.h> @@ -439,7 +440,7 @@ netsnmp_view_get(struct vacm_viewEntry *head, const char *viewName, if (glen < 0 || glen > VACM_MAX_STRING) return NULL; view[0] = glen; - strcpy(view + 1, viewName); + strlcpy(view + 1, viewName, sizeof(view) - 1); for (vp = head; vp; vp = vp->next) { if (!memcmp(view, vp->viewName, glen + 1) && viewSubtreeLen >= (vp->viewSubtreeLen - 1)) { @@ -522,7 +523,7 @@ netsnmp_view_subtree_check(struct vacm_viewEntry *head, const char *viewName, if (glen < 0 || glen > VACM_MAX_STRING) return VACM_NOTINVIEW; view[0] = glen; - strcpy(view + 1, viewName); + strlcpy(view + 1, viewName, sizeof(view) - 1); DEBUGMSGTL(("9:vacm:checkSubtree", "view %s\n", viewName)); for (vp = head; vp; vp = vp->next) { if (!memcmp(view, vp->viewName, glen + 1)) { @@ -689,7 +690,7 @@ netsnmp_view_create(struct vacm_viewEntry **head, const char *viewName, } vp->viewName[0] = glen; - strcpy(vp->viewName + 1, viewName); + strlcpy(vp->viewName + 1, viewName, sizeof(vp->viewName) - 1); vp->viewSubtree[0] = viewSubtreeLen; memcpy(vp->viewSubtree + 1, viewSubtree, viewSubtreeLen * sizeof(oid)); vp->viewSubtreeLen = viewSubtreeLen + 1; @@ -768,7 +769,7 @@ vacm_getGroupEntry(int securityModel, const char *securityName) if (glen < 0 || glen > VACM_MAX_STRING) return NULL; secname[0] = glen; - strcpy(secname + 1, securityName); + strlcpy(secname + 1, securityName, sizeof(secname) - 1); for (vp = groupList; vp; vp = vp->next) { if ((securityModel == vp->securityModel @@ -817,7 +818,7 @@ vacm_createGroupEntry(int securityModel, const char *securityName) gp->securityModel = securityModel; gp->securityName[0] = glen; - strcpy(gp->securityName + 1, securityName); + strlcpy(gp->securityName + 1, securityName, sizeof(gp->securityName) - 1); lg = groupList; og = NULL; @@ -939,9 +940,9 @@ vacm_getAccessEntry(const char *groupName, return NULL; group[0] = glen; - strcpy(group + 1, groupName); + strlcpy(group + 1, groupName, sizeof(group) - 1); context[0] = clen; - strcpy(context + 1, contextPrefix); + strlcpy(context + 1, contextPrefix, sizeof(context) - 1); for (vp = accessList; vp; vp = vp->next) { if ((securityModel == vp->securityModel || vp->securityModel == SNMP_SEC_MODEL_ANY) @@ -1006,9 +1007,10 @@ vacm_createAccessEntry(const char *groupName, vp->securityModel = securityModel; vp->securityLevel = securityLevel; vp->groupName[0] = glen; - strcpy(vp->groupName + 1, groupName); + strlcpy(vp->groupName + 1, groupName, sizeof(vp->groupName) - 1); vp->contextPrefix[0] = clen; - strcpy(vp->contextPrefix + 1, contextPrefix); + strlcpy(vp->contextPrefix + 1, contextPrefix, + sizeof(vp->contextPrefix) - 1); lp = accessList; while (lp) { diff --git a/win32/net-snmp/net-snmp-config.h b/win32/net-snmp/net-snmp-config.h index 1608563b5..0cc123c6c 100644 --- a/win32/net-snmp/net-snmp-config.h +++ b/win32/net-snmp/net-snmp-config.h @@ -250,6 +250,21 @@ /* Define to 1 if you have the <direct.h> header file. */ #define HAVE_DIRECT_H 1 +/* Define to 1 if you have the `DH_get0_key' function. */ +#define HAVE_DH_GET0_KEY 1 + +/* Define to 1 if you have the `DH_get0_pqg' function. */ +#define HAVE_DH_GET0_PQG 1 + +/* Define to 1 if you have the `X509_get_signature_nid' function. */ +#define HAVE_X509_GET_SIGNATURE_NID 1 + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ +#define HAVE_X509_NAME_ENTRY_GET_DATA 1 + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ +#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 + /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. */ /* #undef HAVE_DIRENT_H */ diff --git a/win32/net-snmp/net-snmp-config.h.in b/win32/net-snmp/net-snmp-config.h.in index 969373012..d576d6c5e 100644 --- a/win32/net-snmp/net-snmp-config.h.in +++ b/win32/net-snmp/net-snmp-config.h.in @@ -250,6 +250,21 @@ /* Define to 1 if you have the <direct.h> header file. */ #define HAVE_DIRECT_H 1 +/* Define to 1 if you have the `DH_get0_key' function. */ +#define HAVE_DH_GET0_KEY 1 + +/* Define to 1 if you have the `DH_get0_pqg' function. */ +#define HAVE_DH_GET0_PQG 1 + +/* Define to 1 if you have the `X509_get_signature_nid' function. */ +#define HAVE_X509_GET_SIGNATURE_NID 1 + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_data' function. */ +#define HAVE_X509_NAME_ENTRY_GET_DATA 1 + +/* Define to 1 if you have the `X509_NAME_ENTRY_get_object' function. */ +#define HAVE_X509_NAME_ENTRY_GET_OBJECT 1 + /* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. */ /* #undef HAVE_DIRENT_H */ -- 2.12.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor