Skip to content

Fix GH-21336: undefined behavior in snmp setSecurity. #21337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
devnexen wants to merge 1 commit into
base: PHP-8.4
Choose a base branch
from
+60 −0
Open

Fix GH-21336: undefined behavior in snmp setSecurity. #21337

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions ext/snmp/snmp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -961,6 +961,10 @@ static bool netsnmp_session_set_sec_level(struct snmp_session *s, zend_string *l
/* {{{ Set the authentication protocol in the snmpv3 session */
static bool netsnmp_session_set_auth_protocol(struct snmp_session *s, zend_string *prot)
{
if (!prot) {
zend_value_error("Authentication protocol can't be NULL");
return false;
}
#ifndef DISABLE_MD5
if (zend_string_equals_literal_ci(prot, "MD5")) {
s->securityAuthProto = usmHMACMD5AuthProtocol;
Expand Down Expand Up @@ -1013,6 +1017,10 @@ static bool netsnmp_session_set_auth_protocol(struct snmp_session *s, zend_strin
/* {{{ Set the security protocol in the snmpv3 session */
static bool netsnmp_session_set_sec_protocol(struct snmp_session *s, zend_string *prot)
{
if (!prot) {
zend_value_error("Security protocol can't be NULL");
return false;
}
#ifndef NETSNMP_DISABLE_DES
if (zend_string_equals_literal_ci(prot, "DES")) {
s->securityPrivProto = usmDESPrivProtocol;
Expand Down Expand Up @@ -1051,6 +1059,12 @@ static bool netsnmp_session_set_sec_protocol(struct snmp_session *s, zend_string
static bool netsnmp_session_gen_auth_key(struct snmp_session *s, zend_string *pass)
{
int snmp_errno;

if (!pass) {
zend_value_error("Authentication key can't be NULL");
return false;
}

s->securityAuthKeyLen = USM_AUTH_KU_LEN;
if ((snmp_errno = generate_Ku(s->securityAuthProto, s->securityAuthProtoLen,
(uint8_t *) ZSTR_VAL(pass), ZSTR_LEN(pass),
Expand All @@ -1067,6 +1081,11 @@ static bool netsnmp_session_gen_sec_key(struct snmp_session *s, zend_string *pas
{
int snmp_errno;

if (!pass) {
zend_value_error("Security key can't be NULL");
return false;
}

s->securityPrivKeyLen = USM_PRIV_KU_LEN;
if ((snmp_errno = generate_Ku(s->securityAuthProto, s->securityAuthProtoLen,
(uint8_t *)ZSTR_VAL(pass), ZSTR_LEN(pass),
Expand Down
41 changes: 41 additions & 0 deletions ext/snmp/tests/gh21336.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
--TEST--
GH-21336 (undefined behavior in snmp - NULL pointer dereference in setSecurity)
--EXTENSIONS--
snmp
--FILE--
<?php
$session = new SNMP(SNMP::VERSION_3, 'localhost', 'user');

// auth protocol NULL
try {
$session->setSecurity('authPriv');
} catch (ValueError $e) {
echo $e->getMessage() . PHP_EOL;
}

// auth passphrase NULL
try {
$session->setSecurity('authNoPriv', 'MD5');
} catch (ValueError $e) {
echo $e->getMessage() . PHP_EOL;
}

// priv protocol NULL
try {
$session->setSecurity('authPriv', 'MD5', 'test12345');
} catch (ValueError $e) {
echo $e->getMessage() . PHP_EOL;
}

// priv passphrase NULL
try {
$session->setSecurity('authPriv', 'MD5', 'test12345', 'AES');
} catch (ValueError $e) {
echo $e->getMessage() . PHP_EOL;
}
?>
--EXPECT--
Authentication protocol can't be NULL
Authentication key can't be NULL
Security protocol can't be NULL
Security key can't be NULL
Loading