Skip Menu |

This queue is for tickets about the Net-SNMP CPAN distribution.

Report information
The Basics
Id: 127094
Status: open
Priority: 0/
Queue: Net-SNMP
People
Owner: Nobody in particular
Requestors: CARNIL [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Sep 11 15:44:46 2018 CARNIL [...] cpan.org - Ticket created
From: CARNIL [...] cpan.org
Subject: libnet-snmp-perl: Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Net/SNMP.pm line 2620
Hi, We have the following bug reported to the Debian package of Net-SNMP (https://bugs.debian.org/908514): It doesn't seem to be a bug in the packaging, so you may want to take a look. Thanks! ------8<-----------8<-----------8<-----------8<-----------8<----- [...] Hi, I have a script that uses SNMP.pm to connect to a device via snmp v3. While executing the `open` sub there occures the following error due to a missing check if a variable is defined before it is used: ``` Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Net/SNMP.pm line 2620. CRITICAL - cannot create session object: Time synchronization failed during discovery ``` The variable `$this->{_error}` at this line is undefined but is beeing access by `$this->{_error} =~ /usmStatsNotInTimeWindows/`. The following patch fixes this problem by first checking if any error occured (`$this->{_error}` is defined) and only then compares its values: ``` --- SNMP.pm.old 2018-09-10 19:19:39.200267652 +0200 +++ SNMP.pm 2018-09-10 19:18:55.449787618 +0200 @@ -2618,7 +2618,7 @@ # assume that the synchronization has failed. if (($this->{_security}->discovered()) && - ($this->{_error} =~ /usmStatsNotInTimeWindows/)) + ((!$this->{_error}) || $this->{_error} =~ /usmStatsNotInTimeWindows/ )) { $this->_error_clear(); DEBUG_INFO('discovery and synchronization complete'); ``` ------8<-----------8<-----------8<-----------8<-----------8<----- Thanks for considering, Salvatore Bonaccorso, Debian Perl Group
  Fri Dec 28 16:35:58 2018 joy [...] entuzijast.net - Correspondence added
CC: 908514 [...] bugs.debian.org
Subject: [rt.cpan.org #127094] possible duplicate, doubts about the patch and the original code
Date: Fri, 28 Dec 2018 22:12:15 +0100
To: bug-Net-SNMP [...] rt.cpan.org
From: Josip Rodin <joy [...] entuzijast.net>
Hi, If the logic is changed in line 2620 to assume empty _error to be a sign of success, it would contradict the comment above that says "If another error is returned, we assume that the synchronization has failed." This might actually be a duplicate of https://rt.cpan.org/Public/Bug/Display.html?id=75191 Speaking of duplicate reports, I came across this by trying to use a Munin plugin for access MikroTik's SNMP interface, which seems to work fine using SNMP v3 from snmpwalk, but croaks in Net::SNMP with v3. As it turns out, it's been many years now since this code path has been confusing people, judging by mentions of it in numerous online forums, like: * https://forum.centreon.com/forum/centreon-use/centreon-project/6646-centreon-and-snmp-v3/page2 from 2008 * http://www.perl-community.de/bat/poard/thread/13628 from 2009 * https://www.sugarbug.fr/blog/files/supervision_switch_3com_snmpv3.html from 2011 * https://forum.mikrotik.com/viewtopic.php?t=91863 from 2014 * http://gojooz.blogspot.com/2013/10/snmpv3-error-perl-netsnmp-time.html from 2013 * https://sourceforge.net/p/net-snmp/mailman/net-snmp-users/thread/alpine.BSF.2.20.1606121624280.60771%40freesbee.wheel.dk/ from 2016 * https://lists.oetiker.ch/pipermail/mrtg/2016-July/037451.html from 2016 * https://community.opmantek.com/display/NMIS/Perl+Net%3A%3ASNMP+Error%3A+Time+synchronization+failed+during+discovery from 2018 Even if all those devices have not been RFC-compliant, I would still say it's doubtful that the Net::SNMP approach of croaking with a single opaque sentence -- and a code warning on top -- is the right thing to do. -- 2. That which causes joy or happiness.
  Fri Dec 28 16:35:58 2018 The RT System itself - Status changed from 'new' to 'open'
  Sat Mar 09 19:52:02 2019 joy [...] debbugs.entuzijast.net - Correspondence added
CC: 908514 [...] bugs.debian.org
Subject: Re: [rt.cpan.org #127094] possible duplicate, doubts about the patch and the original code
Date: Sun, 10 Mar 2019 01:09:42 +0100
To: bug-Net-SNMP [...] rt.cpan.org
From: Josip Rodin <joy [...] debbugs.entuzijast.net>
On Fri, Dec 28, 2018 at 10:12:15PM +0100, joy wrote: Show quoted text
> * https://forum.mikrotik.com/viewtopic.php?t=91863 from 2014 > > Even if all those devices have not been RFC-compliant
JFTR I had approached MikroTik about their issue, provided a test case and tested a beta, and now with RouterOS 6.44 (released 2019-02-25) Net::SNMP no longer croaks. -- 2. That which causes joy or happiness.