Skip Menu |
 
rt.cpan.org will be shut down on March 1st, 2021.

This queue is for tickets about the Net-SNMP CPAN distribution.

Report information
The Basics
Id: 125269
Status: open
Priority: 0/
Queue: Net-SNMP

People
Owner: dtown [...] cpan.org
Requestors: anexiole [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: Net-SNMP doesn't error properly when snmp connection credentials are incorrect
From: anexiole [...] gmail.com
Download (untitled) / with headers
text/plain 1.7k
this is further describing https://rt.cpan.org/Public/Bug/Display.html?id=124733. When given a set of connection credentials (ie. community string, user id, auth/priv protocols(v3), and so forth), the package 1) Does not return an error , nor does it die (thus allowing for error exceptions to be caught) When I was working on an snmp v3 device, I purposedly configured the privProtocol to be AES and I tried to createa SNMP session using this package with priv protocol of DES. Result? The session object was still passed back and when I did snmp gets, it passed by just giving back an empty ''. This should not been the case because the session should have failed in the first place due to a faulty credential attribute (being the privProtocol). I then put in debugging statements into the SNMP.pm file and found that it was PDU errors which were masked off. Please fix. 2) It clears its errors unnecessarily .. Take for example in Session.pm's constructor, look at lines 356 - 369: 356 # We must validate the object type to prevent blocking and 357 # non-blocking object from existing at the same time. 358 359 if (!defined $this->_object_type_validate()) { 360 return wantarray ? (undef, $this->{_error}) : undef; 361 } 362 363 # Create a Security Model object 364 365 ($this->{_security}, $this->{_error}) = Net::SNMP::Security->new(%argv); 366 if (!defined $this->{_security}) { 367 return wantarray ? (undef, $this->{_error}) : undef; 368 } 369 $this->_error_clear(); 370 371 # Return the object and empty error message (in list context) 372 return wantarray ? ($this, q{}) : $this; 373 } why are we even clearing the error in line 369? If there was an error, it would have been returned by line 367 .
Download (untitled) / with headers
text/plain 268b
Passing just the "-privprotocol" argument without passing "-authkey" or "-authpassword" argument AND "-privkey" or "-privpassword" argument has no effect. Please provide and example showingthe arguments you provided and security debugging turned on: snmp_debug(0x20);
Subject: Re: [rt.cpan.org #125269] Net-SNMP doesn't error properly when snmp connection credentials are incorrect
Date: Fri, 18 May 2018 11:57:15 +1000
To: bug-Net-SNMP [...] rt.cpan.org
From: Gordon Yeong <anexiole [...] gmail.com>
Download (untitled) / with headers
text/plain 795b
it does have an effect. the _priv_password() will run because -priv_password was defined in the arguments (%argv). This shouldnt' be the case. I have my own package that is using Net::SNMP thus I am sanitising my values based on the explicitly defined security Level before I even call the Net::SNMP object to initiate a session and this works... Regards, Gordon Yeong On 18 May 2018 at 06:48, David M. Town via RT <bug-Net-SNMP@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=125269 > > > Passing just the "-privprotocol" argument without passing "-authkey" or > "-authpassword" argument AND "-privkey" or "-privpassword" argument has no > effect. Please provide and example showingthe arguments you provided and > security debugging turned on: snmp_debug(0x20); >


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.