php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37564 php-snmp with AES is broken
Submitted: 2006-05-23 17:53 UTC Modified: 2006-07-26 23:57 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: scott dot moynes+php at gmail dot com Assigned:
Status: Closed Package: SNMP related
PHP Version: 5.1.4 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: scott dot moynes+php at gmail dot com
New email:
PHP Version: OS:

 

 [2006-05-23 17:53 UTC] scott dot moynes+php at gmail dot com
Description:
------------
A bug in the source of php-snmp causes use of AES privacy encryption impossible.

Reproduce code:
---------------
//Assuming snmpd is configured appropriately for the user

$result = snmp3_walk("localhost", "user", "authPriv", "sha", "passphrase", "AES", "passphrase",  "system", 1000000, 10);
print_r($result);

Expected result:
----------------
//The output of the system OID
Array
(
  [0] => STRING: Linux smoynes 2.6.11.4-21.10-smp #1 SMP Tue Nov 29 14:32:49 UTC 2005 i686
...
)


Actual result:
--------------
PHP Warning:  %v%v(): An error occurred, quitting in aes_test.php on line 3


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-23 18:10 UTC] scott dot moynes+php at gmail dot com
In snmp.c, one cannot use the OIDSIZE macro for the usmAES128PrivProtocol symbol because it is defined as a oid pointer to usmAESPrivProtocol, not an oid array.
The fix is to change all OIDSIZE(usmAES128PrivProtocol) expressions to USM_PRIV_PROTO_AES_LEN.
This is with net-snmp; not sure about ucd-snmp.
 [2006-05-24 06:41 UTC] tony2001@php.net
We would appreciate a patch in unified diff format.
 [2006-05-24 14:15 UTC] scott dot moynes+php at gmail dot com
diff -ru php-5.1.4/ext/snmp/snmp.c php-5.1.4-cbn/ext/snmp/snmp.c
--- php-5.1.4/ext/snmp/snmp.c   2006-01-01 07:50:13.000000000 -0500
+++ php-5.1.4-cbn/ext/snmp/snmp.c       2006-05-24 10:12:40.000000000 -0400
@@ -831,10 +831,13 @@
 *
 * As we want this extension to compile on both versions, we use the latter
 * symbol on purpose, as it's defined to be the same as the former.
+*
+* However, in 5.2 the type of usmAES128PrivProtocol is a pointer, not an
+* array, so we cannot use the OIDSIZE macro because it uses sizeof().
 */
                        || !strcasecmp(prot, "AES")) {
                        s->securityPrivProto = usmAES128PrivProtocol;
-                       s->securityPrivProtoLen = OIDSIZE(usmAES128PrivProtocol);
+                       s->securityPrivProtoLen = USM_PRIV_PROTO_AES128_LEN;
                        return (0);
 #else
                ) {
 [2006-05-24 17:38 UTC] tony2001@php.net
From what I can see with this patch you're breaking support of SNMP < 5.2. Am I right?
 [2006-05-24 18:55 UTC] scott dot moynes+php at gmail dot com
I cannot confirm without compiling and my employer is not paying me to do that.

However, I do not think so. The patch only modifies the code within the #ifdef SNMP_VALIDATE_ERROR block and that macro was introduced in net-snmp 5.2; the #else block for net-snmp < 5.2 remains unchanged. By inspection of the source code of net-snmp 5.1, I have ensured that the OIDSIZE macro is appropriate for those releases, ie. usmAES128PrivProtocol is an array of oid values.

I have not confirmed that it does not create a compatibility problem for ucd-snmp, but I do not think so because it does not support AES and so the HAVE_AES macro will not be set.

So, by exhaustion of cases, I believe this patch does not break compatibility.
 [2006-07-26 23:57 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 08:01:28 2024 UTC