This queue is for tickets about the Net-SNMP CPAN distribution.

Report information
The Basics
Id:
127094
Status:
open
Priority:
Low/Low
Queue:

People
Owner:
Nobody in particular
Requestors:
CARNIL [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
(no value)
Fixed in:
(no value)



From: CARNIL@cpan.org
Subject: libnet-snmp-perl: Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Net/SNMP.pm line 2620
Hi, We have the following bug reported to the Debian package of Net-SNMP (https://bugs.debian.org/908514): It doesn't seem to be a bug in the packaging, so you may want to take a look. Thanks! ------8<-----------8<-----------8<-----------8<-----------8<----- [...] Hi, I have a script that uses SNMP.pm to connect to a device via snmp v3. While executing the `open` sub there occures the following error due to a missing check if a variable is defined before it is used: ``` Use of uninitialized value in pattern match (m//) at /usr/share/perl5/Net/SNMP.pm line 2620. CRITICAL - cannot create session object: Time synchronization failed during discovery ``` The variable `$this->{_error}` at this line is undefined but is beeing access by `$this->{_error} =~ /usmStatsNotInTimeWindows/`. The following patch fixes this problem by first checking if any error occured (`$this->{_error}` is defined) and only then compares its values: ``` --- SNMP.pm.old 2018-09-10 19:19:39.200267652 +0200 +++ SNMP.pm 2018-09-10 19:18:55.449787618 +0200 @@ -2618,7 +2618,7 @@ # assume that the synchronization has failed. if (($this->{_security}->discovered()) && - ($this->{_error} =~ /usmStatsNotInTimeWindows/)) + ((!$this->{_error}) || $this->{_error} =~ /usmStatsNotInTimeWindows/ )) { $this->_error_clear(); DEBUG_INFO('discovery and synchronization complete'); ``` ------8<-----------8<-----------8<-----------8<-----------8<----- Thanks for considering, Salvatore Bonaccorso, Debian Perl Group
CC: 908514@bugs.debian.org
Subject: [rt.cpan.org #127094] possible duplicate, doubts about the patch and the original code
Date: Fri, 28 Dec 2018 22:12:15 +0100
To: bug-Net-SNMP@rt.cpan.org
From: Josip Rodin <joy@entuzijast.net>
Hi, If the logic is changed in line 2620 to assume empty _error to be a sign of success, it would contradict the comment above that says "If another error is returned, we assume that the synchronization has failed." This might actually be a duplicate of https://rt.cpan.org/Public/Bug/Display.html?id=75191 Speaking of duplicate reports, I came across this by trying to use a Munin plugin for access MikroTik's SNMP interface, which seems to work fine using SNMP v3 from snmpwalk, but croaks in Net::SNMP with v3. As it turns out, it's been many years now since this code path has been confusing people, judging by mentions of it in numerous online forums, like: * https://forum.centreon.com/forum/centreon-use/centreon-project/6646-centreon-and-snmp-v3/page2 from 2008 * http://www.perl-community.de/bat/poard/thread/13628 from 2009 * https://www.sugarbug.fr/blog/files/supervision_switch_3com_snmpv3.html from 2011 * https://forum.mikrotik.com/viewtopic.php?t=91863 from 2014 * http://gojooz.blogspot.com/2013/10/snmpv3-error-perl-netsnmp-time.html from 2013 * https://sourceforge.net/p/net-snmp/mailman/net-snmp-users/thread/alpine.BSF.2.20.1606121624280.60771%40freesbee.wheel.dk/ from 2016 * https://lists.oetiker.ch/pipermail/mrtg/2016-July/037451.html from 2016 * https://community.opmantek.com/display/NMIS/Perl+Net%3A%3ASNMP+Error%3A+Time+synchronization+failed+during+discovery from 2018 Even if all those devices have not been RFC-compliant, I would still say it's doubtful that the Net::SNMP approach of croaking with a single opaque sentence -- and a code warning on top -- is the right thing to do. -- 2. That which causes joy or happiness.
CC: 908514@bugs.debian.org
Subject: Re: [rt.cpan.org #127094] possible duplicate, doubts about the patch and the original code
Date: Sun, 10 Mar 2019 01:09:42 +0100
To: bug-Net-SNMP@rt.cpan.org
From: Josip Rodin <joy@debbugs.entuzijast.net>
On Fri, Dec 28, 2018 at 10:12:15PM +0100, joy wrote:
Show quoted text
> * https://forum.mikrotik.com/viewtopic.php?t=91863 from 2014 > > Even if all those devices have not been RFC-compliant
JFTR I had approached MikroTik about their issue, provided a test case and tested a beta, and now with RouterOS 6.44 (released 2019-02-25) Net::SNMP no longer croaks. -- 2. That which causes joy or happiness.


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.