snmptrapd Segmentation Faults When Calling my_load_defaults()

Bug #1979933 reported by Matthew Ruffell
Affects             Status        Importance  Assigned to      Milestone
net-snmp (Ubuntu)   Fix Released  Undecided   Unassigned
Focal               Fix Released  Medium      Matthew Ruffell

Bug Description

[Impact]

When starting snmptrapd configured to connect to a MySQL server, it segfaults when calling my_load_defaults():

$ sudo /usr/sbin/snmptrapd -LOw -f
Segmentation fault (core dumped)

(gdb) bt
#0 0x00007efd8d9f15b0 in MEM_ROOT::Alloc (length=56, this=this@entry=0x0) at ./include/my_alloc.h:157
#1 init_default_directories (alloc=alloc@entry=0x0) at ./mysys/my_default.cc:1632
#2 0x00007efd8d9f817a in my_load_defaults (conf_file=0x7efd8e751f64 "my", groups=0x7efd8e7550c8, argc=0x7ffd8941b674, argv=0x7ffd8941b678, alloc=0x0, default_directories=0x555a8abccc00) at ./mysys/my_default.cc:692
#3 0x00007efd8e74fe1b in netsnmp_mysql_init () from /lib/x86_64-linux-gnu/libnetsnmptrapd.so.35
#4 0x0000555a8a9e3873 in main (argc=<optimized out>, argv=<optimized out>) at snmptrapd.c:1196

What happens is that snmptrapd calls my_load_defaults() even though mysql_options() is available, and the arguments it passes to my_load_defaults() are NULL (note alloc=0x0 in the backtrace above), which eventually get dereferenced.

The fix is to change the configure script so that my_load_defaults() is only called when mysql_options() is not available.

[Testcase]

$ sudo apt update
$ sudo apt install snmp snmpd snmptrapd snmp-mibs-downloader

Edit /etc/snmp/snmptrapd.conf and add the following entries:

disableAuthorization yes
traphandle default /usr/bin/logger
sqlMaxQueue 1
sqlSaveInterval 9

Save and exit.

It is easier to reproduce if you stop and disable all services:

$ sudo systemctl stop snmptrapd.service
$ sudo systemctl stop snmpd.service

Then try running:

$ sudo /usr/sbin/snmptrapd -LOw -f
Segmentation fault (core dumped)

There is a test package available in the following ppa:

https://launchpad.net/~mruffell/+archive/ubuntu/sf339433-test

When running this test package, you will instead see:

$ sudo /usr/sbin/snmptrapd -LOw -f
mysql_real_connect() failed
Error 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

(I don't have a mysql server configured, but we don't segfault anymore).
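The testcase above as one script, for checking a build before and after the fix. This is an added example, not part of the bug report or of the net-snmp package: it writes the four snmptrapd.conf lines from the testcase, stops the two services, runs snmptrapd in the foreground under timeout(1) and turns the exit status into a verdict. The assumptions are mine: snmptrapd -f stays running once it has started cleanly (as the post-fix output shows), so a timeout (status 124) counts as "no crash", while a status above 128 means the process died from signal (status - 128), 139 being SIGSEGV; the names SNMPTRAPD_CONF, REPRO_TIMEOUT, RUN_REPRO and the functions are chosen here.

```shell
#!/bin/sh
# Added example: scripted form of the [Testcase] from LP: #1979933.
# Not code from net-snmp. Run as root with RUN_REPRO=1 to execute the
# reproduction; without it the file only defines the helper functions.

SNMPTRAPD_CONF="${SNMPTRAPD_CONF:-/etc/snmp/snmptrapd.conf}"   # assumed path (matches the testcase)
REPRO_TIMEOUT="${REPRO_TIMEOUT:-10}"                           # seconds to let snmptrapd live

# classify_status STATUS: map the exit status of `timeout N snmptrapd ...`
# to a one-word verdict.
#   124        -> "ok": timeout expired, the daemon was still running
#   139        -> "segfault": killed by SIGSEGV (128 + 11), the crash in this bug
#   other >128 -> "signal:N": killed by some other signal
#   otherwise  -> "exit:N": snmptrapd exited on its own (config error etc.)
classify_status() {
    status="$1"
    if [ "$status" -eq 124 ]; then
        echo ok
    elif [ "$status" -eq 139 ]; then
        echo segfault
    elif [ "$status" -gt 128 ]; then
        echo "signal:$((status - 128))"
    else
        echo "exit:$status"
    fi
}

# write_test_config FILE: install the four lines from the testcase, keeping a
# copy of any existing file as FILE.bak so it can be restored afterwards.
write_test_config() {
    conf="$1"
    if [ -f "$conf" ]; then
        cp -p "$conf" "$conf.bak"
    fi
    cat > "$conf" <<'EOF'
disableAuthorization yes
traphandle default /usr/bin/logger
sqlMaxQueue 1
sqlSaveInterval 9
EOF
}

# reproduce: the manual steps from the testcase, ending in a verdict.
# Returns 0 only when snmptrapd survived the whole timeout.
reproduce() {
    write_test_config "$SNMPTRAPD_CONF"
    systemctl stop snmptrapd.service snmpd.service
    status=0
    # timeout(1) returns 124 on expiry; if snmptrapd dies from a signal,
    # timeout re-raises that signal on itself, so the shell sees 128+signum.
    timeout "$REPRO_TIMEOUT" /usr/sbin/snmptrapd -LOw -f || status=$?
    verdict=$(classify_status "$status")
    echo "snmptrapd exit status $status -> $verdict"
    [ "$verdict" = ok ]
}

if [ "${RUN_REPRO:-0}" = 1 ]; then
    reproduce
fi
```

On the affected package the script reports "segfault"; on the fixed one snmptrapd prints the mysql_real_connect() error and the script reports "ok" when the timeout expires. Restore the original configuration from the .bak copy when done.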

[Where problems can occur]

We are changing how snmptrapd initialises and begins connections to a mysql server, and if a regression were to occur, it would be limited to users of snmptrapd with the mysql backend. Other database backends would not be affected.

Other binaries produced would also not be affected.

[Other Info]

The issue was fixed upstream by the following commit:

commit 011342d8e453b9e0585bf77f659d80c648df8c9f
Author: Bart Van Assche <email address hidden>
Date: Sat Aug 18 09:28:14 2018 -0700
Subject: snmptrapd: Let configure check for mysql_options()
Link: https://github.com/net-snmp/net-snmp/commit/011342d8e453b9e0585bf77f659d80c648df8c9f

Changed in net-snmp (Ubuntu):
status: New → Fix Released
Changed in net-snmp (Ubuntu Focal):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Matthew Ruffell (mruffell)
tags: added: focal sts
description: updated
Revision history for this message
Matthew Ruffell (mruffell) wrote :

Attached is a patch that resolves the issue on Focal.

description: updated
tags: added: sts-sponsor
tags: added: sts-sponsor-mfo
removed: sts-sponsor
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Hi Matthew,

Thanks for the debdiff; sponsored to focal!

I just fixed the Description: field in the patch DEP3 headers,
which isn't as free-form as Subject: line + unstructured text.
(Please see sample in DEP-3 [1] and multiline fields/paragraph
separators in Debian Policy [2] for details, if you'd like it.)

Everything else looks excellent, and I'll just document checks.

cheers,
Mauricio

- Built successfully on all architectures with focal-proposed [0].

- Upstream source code remains the same as with this change,
as of commit 4d43fbd64a07 ("Makefile.in: Only build the fuzzing tests in regular mode").

- Focal's MySQL source code, of course, defines the relied upon
function mysql_options():

    int STDCALL mysql_options(MYSQL *mysql, enum mysql_option option,
                              const void *arg);

- Supported releases after Focal already have the fix:

 $ git describe --contains 011342d8e453b9e0585bf77f659d80c648df8c9f
 v5.8.1.pre1~91

 $ rmadison --arch=source net-snmp
 ...
  net-snmp | 5.8+dfsg-2ubuntu2 | focal | source
  net-snmp | 5.8+dfsg-2ubuntu2.3 | focal-security | source
  net-snmp | 5.8+dfsg-2ubuntu2.3 | focal-updates | source
  net-snmp | 5.9.1+dfsg-1ubuntu2 | jammy | source
  net-snmp | 5.9.1+dfsg-1ubuntu2.1 | jammy-updates | source
  net-snmp | 5.9.1+dfsg-4ubuntu1 | kinetic | source

- The backport delta (thanks for noting it in DEP-3's Origin:)
is 2 context lines:

 - /* Define to 1 if you have the <my_global.h> header file. */
 - #undef HAVE_MY_GLOBAL_H
 + /* Define if MY_INIT() is availabe in libmysqlclient */
 + #undef HAVE_MY_INIT
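Review bot: the `+ /* Define if MY_INIT() is availabe in libmysqlclient */` line carries the typo "availabe" for "available"; since these two lines are only the backport's context (the Focal-side text the patch applies against) rather than anything the patch introduces, it is harmless here and at most worth a separate one-word cleanup.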

- The patch seems to no longer accept command line arguments to
specify connection parameters to MySQL, but it looks like that
was never the purpose (just some flexibility, I guess) per:

* the original code commit

* the comment "load .my.cnf values" in the failing / now disabled calls:

     /** load .my.cnf values */
 #if HAVE_MY_LOAD_DEFAULTS
     my_load_defaults ("my", _sql.groups, &not_argc, &not_argv, 0);
 #elif defined(HAVE_LOAD_DEFAULTS)
     load_defaults ("my", _sql.groups, &not_argc, &not_argv);

* the usage of mysql_options(MYSQL_READ_DEFAULT_GROUP) [3]:

   MYSQL_READ_DEFAULT_GROUP (argument type: char *)

   Read options from the named group from my.cnf or the file specified with MYSQL_READ_DEFAULT_FILE.

* Most importantly, the project's README.sql file:

 net-snmp-5.8+dfsg$ head -n15 README.sql
 snmptrapd MySQL Logging
 -----------------------

 A trap handler for logging traps to a MySQL database was added
 in release 5.5.0.

 The MySQL database location and password must be configured in
 /root/.my.cnf:

  [snmptrapd]
  host=localhost
  password=sql

 User may also be configured, if using a MySQL user besides root.

[0] https://launchpad.net/~mfo/+archive/ubuntu/lp1979933
[1] https://dep-team.pages.debian.net/deps/dep3/
[2] https://www.debian.org/doc/debian-policy/ch-controlfields.html#syntax-of-control-files
[3] https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html
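A pre-flight check for the /root/.my.cnf that README.sql describes, added here as an example rather than taken from net-snmp. It reads the [snmptrapd] group the way the README shows it (host= and password=), reports which of the two keys is missing, and refuses a file that is readable by group or other, since the file holds the database password. The awk section parser, the function names, the MYCNF_TO_CHECK variable and the 0600 requirement are my own choices; the group name and the two keys come from the README excerpt above. It goes slightly beyond the README in tolerating comment lines and whitespace around "=".

```shell
#!/bin/sh
# Added example: sanity-check the .my.cnf group snmptrapd's MySQL logging
# reads. Not code from net-snmp. The group name "snmptrapd" and the keys
# host/password follow README.sql; everything else here is an assumption.

# mycnf_get FILE GROUP KEY: print KEY's value from the [GROUP] section.
# Skips comments (# or ;), ignores other sections and trims whitespace
# around "=". Exits 1 if the key is not present in that group.
mycnf_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[[:space:]]*[#;]/ { next }
        /^[[:space:]]*\[/   { gsub(/[[:space:]]/, ""); insec = ($0 == want); next }
        insec {
            split($0, kv, "=")
            k = kv[1]; gsub(/[[:space:]]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
                print v; found = 1; exit
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_mycnf FILE [GROUP]: succeed only if FILE exists, is readable by its
# owner alone (mode 600 or 400, since it holds a password) and GROUP
# (default: snmptrapd) defines both host and password. Prints each problem.
check_mycnf() {
    file="$1"
    group="${2:-snmptrapd}"
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "permissions: $file is mode $mode, expected 600"; rc=1 ;;
    esac
    for key in host password; do
        if ! mycnf_get "$file" "$group" "$key" >/dev/null; then
            echo "missing: [$group] $key in $file"
            rc=1
        fi
    done
    return $rc
}

# Usage: MYCNF_TO_CHECK=/root/.my.cnf sh check_mycnf.sh
if [ -n "${MYCNF_TO_CHECK:-}" ]; then
    check_mycnf "$MYCNF_TO_CHECK"
fi
```

The permission check is the part worth keeping even if the rest is dropped: a world-readable /root/.my.cnf hands the snmptrapd database password to every local account.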

Revision history for this message
Matthew Ruffell (mruffell) wrote :

The new upload in the -unapproved upload queue has been bumped by a security update, and so I am attaching a new debdiff rebased to the current package in -updates and -security.

Mauricio, could you please sponsor the new debdiff?

I took the feedback on Description field formatting into account; it should be fixed in this debdiff.

Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Hey Matthew,

Sure; uploaded to Focal.

I've reviewed the differences between the debdiffs (all good) and that the security update isn't related to the change content (no expected/incremental behavior change; all good), and build tested it.

Thanks for the prompt reaction/update on top of the security pocket, and the DEP3 change.

cheers,
Mauricio

Revision history for this message
Robie Basak (racb) wrote :

In this upload you're patching the generated configure script directly, but not configure.ac. This may cause problems with future updates, including security updates, if the configure script needs to be regenerated. Did you attempt to use dh-autoreconf?

Changed in net-snmp (Ubuntu Focal):
status: In Progress → Incomplete
Revision history for this message
Robie Basak (racb) wrote :

Oh, you did indirectly patch configure.ac by patching configure.d/, sorry.

I asked in #ubuntu-devel about this, and the conclusion is that this is OK:

https://irclogs.ubuntu.com/2022/08/03//%23ubuntu-devel.html#t11:56

Changed in net-snmp (Ubuntu Focal):
status: Incomplete → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Matthew, or anyone else affected,

Accepted net-snmp into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu2.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Matthew Ruffell (mruffell) wrote :

Performing verification for Focal

I installed snmptrapd 5.8+dfsg-2ubuntu2.4 from -updates, and edited /etc/snmp/snmptrapd.conf to have the following contents:

disableAuthorization yes
traphandle default /usr/bin/logger
sqlMaxQueue 1
sqlSaveInterval 9

I disabled all snmptrapd services:

$ sudo systemctl stop snmptrapd.service
$ sudo systemctl stop snmpd.service

and then tried to start snmptrapd, but received a segmentation fault:

$ sudo /usr/sbin/snmptrapd -LOw -f
Segmentation fault

From syslog:
Aug 4 00:47:45 focal-snmp kernel: [ 1615.972207] snmptrapd[5293]: segfault at 8 ip 00007f4879003680 sp 00007ffe914993f0 error 4 in libmysqlclient.so.21.2.30[7f4878f93000+130000]
Aug 4 00:47:45 focal-snmp kernel: [ 1615.972229] Code: 5c 41 5d 41 5e 5d c3 e8 0e 17 f9 ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41 55 49 89 fd 41 54 53 48 83 ec 08 <4c> 8b 67 08 48 8b 47 10 4c 29 e0 48 83 f8 37 0f 86 cb 00 00 00 49

I then enabled -proposed and installed snmptrapd 5.8+dfsg-2ubuntu2.5.

Again, I stopped the services:

$ sudo systemctl stop snmptrapd.service
$ sudo systemctl stop snmpd.service

and tried to start snmptrapd:

$ sudo /usr/sbin/snmptrapd -LOw -f
mysql_real_connect() failed
Error 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

This time we no longer segmentation fault, and snmptrapd keeps running.

The package in -proposed fixes the issue, happy to mark verified.

tags: added: verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package net-snmp - 5.8+dfsg-2ubuntu2.5

---------------
net-snmp (5.8+dfsg-2ubuntu2.5) focal; urgency=medium

  * Fix segmentation fault when attempting to initialise mysql
    connections due to incorrectly calling my_load_defaults()
    (LP: #1979933).
    - d/p/lp1979933-snmptrapd-Let-configure-check-for-mysql_options.patch

 -- Matthew Ruffell <email address hidden> Tue, 02 Aug 2022 15:55:28 +1200

Changed in net-snmp (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for net-snmp has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
