pkgsrc-Bugs archive


Re: pkg/49860: DoS against snmpd on netbsd routers



The following reply was made to PR pkg/49860; it has been noted by GNATS.

From: christos%zoulas.com@localhost (Christos Zoulas)
To: 6bone%6bone.informatik.uni-leipzig.de@localhost
Cc: gnats-bugs%NetBSD.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
	pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/49860: DoS against snmpd on netbsd routers
Date: Sat, 2 May 2015 17:06:58 -0400

 On May 2, 11:01pm, 6bone%6bone.informatik.uni-leipzig.de@localhost (6bone%6bone.informatik.uni-leipzig.de@localhost) wrote:
 -- Subject: Re: pkg/49860: DoS against snmpd on netbsd routers
 
 | On Tue, 28 Apr 2015, Christos Zoulas wrote:
 | 
 | > Looks like that qsort is deadly... I wonder why it thinks it needs to
 | > sort something all the time. The arp stuff looks suspect as expected.
 | > (if it is related to ndp). I am not sure if I have time to optimize the
 | > code, but using a hashmap instead of sorting seems to be a good thing
 | > to do.
 | >
 | 
 | One more piece of information. In normal operation 'ndp -an | wc -l' reports 
 | nearly 1500 entries.
 | 
 | During the attack ndp reports:
 | 
 | ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
 | ndp: failed to get neighbor information
 | ndp: ioctl(SIOCGNBRINFO_IN6): Invalid argument
 | ndp: failed to get neighbor information
 | ...
 | 
 | Could that be a problem for the snmpd?
 
 I suspect that the error handling and processing on snmpd is flawed.
 Really, I should fix it... But I find the code ugly, so I don't like
 working on it.
 
 This comes from here: 
                 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0)
                         return error;
 
                 s = splsoftnet();
                 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL ||
                     (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) {
                         error = EINVAL;
                         splx(s);
                         break;
                 }
 
 Perhaps you can add some debugging code there and print some things?
 
 christos
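
Added example, not part of the original message and not NetBSD or net-snmp code: a small userland model of the branch quoted above, where a neighbor lookup that finds no entry returns EINVAL, comparing a walker that aborts on the first miss with one that skips it. The struct and function names are hypothetical, and it is an assumption that entries disappear between a listing and the later per-entry query.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: one listed address and whether it is still cached. */
struct snap_entry { const char *addr; int still_cached; };
struct walk_result { size_t ok, stale; int fatal; };

/* Models the quoted branch: a lookup that finds no entry returns EINVAL. */
static int nbr_info(const struct snap_entry *e)
{
    return e->still_cached ? 0 : EINVAL;
}

/* Query every snapshot entry; tolerate_stale selects the error policy. */
struct walk_result walk_snapshot(const struct snap_entry *snap, size_t n,
    int tolerate_stale)
{
    struct walk_result r = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        int error = nbr_info(&snap[i]);
        if (error == 0)
            r.ok++;
        else if (error == EINVAL && tolerate_stale)
            r.stale++;          /* entry vanished: count it, keep going */
        else {
            r.fatal = error;    /* strict: the first miss ends the walk */
            break;
        }
    }
    return r;
}

/* Constructed sample: two of four entries expired after the listing. */
struct walk_result demo_walk(int tolerate_stale)
{
    static const struct snap_entry snap[] = {
        { "2001:db8::1", 1 }, { "2001:db8::2", 0 },
        { "2001:db8::3", 1 }, { "2001:db8::4", 0 },
    };
    return walk_snapshot(snap, sizeof(snap) / sizeof(snap[0]), tolerate_stale);
}

int main(void)
{
    struct walk_result s = demo_walk(0), t = demo_walk(1);
    printf("strict ok=%zu fatal=%d; tolerant ok=%zu stale=%zu\n",
        s.ok, s.fatal, t.ok, t.stale);
    return 0;
}
```

In strict mode the walk stops at the second address and reports only one neighbor, while the tolerant walk still returns both live entries and a count of the stale ones.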
 

