Bug #125332 for Net-SNMP: Bug: security level is always set to noauthnopriv

in line 133 , they set the priv protocol and next, in line 148, they evaluate the priv protocol and of course it fails. Wtf? In Net::SNMP::Security::USM : 124 '_time_epoc' => time(), # snmpEngineBoots epoc 125 '_user_name' => q{}, # securityName 126 '_auth_data' => undef, # Authentication data 127 '_auth_key' => undef, # authKey 128 '_auth_password' => undef, # Authentication password 129 '_auth_protocol' => AUTH_PROTOCOL_HMACMD5, # authProtocol 130 '_priv_data' => undef, # Privacy data 131 '_priv_key' => undef, # privKey 132 '_priv_password' => undef, # Privacy password 133 '_priv_protocol' => PRIV_PROTOCOL_DES, # privProtocol 134 '_security_level' => SECURITY_LEVEL_NOAUTHNOPRIV 135 }, $class; 136 137 # We first need to find out if we are an authoritative SNMP 138 # engine and set the authProtocol and privProtocol if they 139 # have been provided. 140 141 foreach (keys %argv) { 142 143 if (/^-?authoritative$/i) { 144 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE; 145 } elsif (/^-?authprotocol$/i) { 146 $this->_auth_protocol(delete $argv{$_}); 147 } elsif (/^-?privprotocol$/i) { 148 $this->_priv_protocol(delete $argv{$_}); 149 } 150 151 if (defined $this->{_error}) { 152 return wantarray ? (undef, $this->{_error}) : undef; 153 } 154 } 155 156 # Now validate the rest of the passed arguments 157 158 for (keys %argv) { 159 160 if (/^-?version$/i) { 161 $this->_version($argv{$_});

actually, the filter to make sure the $argv{$key} should apply to all.. Should look like this: 143 if ( defined($argv{$$})) 144 { 145 if (/^-?authoritative$/i) { 146 $this->{_authoritative} = (delete $argv{$_}) ? TRUE : FALSE; 147 } elsif (/^-?authprotocol$/i) { 148 $this->_auth_protocol(delete $argv{$_}); 149 } elsif (/^-?privprotocol$/i) { 150 $this->_priv_protocol(delete $argv{$_}); 151 } 152 }

this is another stupid mistake. Different security levels such as authNoPriv dont give a fuck about privpassword or privprotocol. So why check for it? 160 # Now validate the rest of the passed arguments 161 162 for (keys %argv) { 163 164 if (/^-?version$/i) { 165 $this->_version($argv{$_}); 166 } elsif (/^-?debug$/i) { 167 $this->debug($argv{$_}); 168 } elsif ((/^-?engineid$/i) && ($this->{_authoritative})) { 169 $this->_engine_id($argv{$_}); 170 } elsif (/^-?username$/i) { 171 $this->_user_name($argv{$_}); 172 } elsif (/^-?authkey$/i) { 173 $this->_auth_key($argv{$_}); 174 } elsif (/^-?authpassword$/i) { 175 $this->_auth_password($argv{$_}); 176 } elsif (/^-?privkey$/i) { 177 $this->_priv_key($argv{$_}); 178 } elsif (/^-?privpassword$/i) { 179 $this->_priv_password($argv{$_}); 180 } else { 181 $this->_error('The argument "%s" is unknown', $_); 182 } 183 184 if (defined $this->{_error}) { 185 return wantarray ? (undef, $this->{_error}) : undef; 186 } 187 188 }

the bug here is such that there should NEVER be a check for the -priv_password when authNoPriv is being used (ie. no privacy attributes are being fed to the constructor), Net::SNMP::Security::USM::new() elsif (/^-?privpassword$/i) { $this->_priv_password($argv{$_}); }