You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# 7.1.3b
if (
pdu is None
and not reportableFlag
or pduType is not None
and pduType not in rfc3411.confirmedClassPDUs
):
if securityModel in snmpEngine.securityModels: # added
smHandler = snmpEngine.securityModels[securityModel] # added
smHandler.releaseStateInformation(securityStateReference) # added
raise error.StatusInformation(errorIndication=errind.loopTerminated)
Actual behavior
My snmp trap receiver using pysnmp library received a SNMPv3 trap message having invalid password for authentication without the reportableFalg.
The cache for securityStateReference was not popped properly and the memory of the trap receiver was getting increased.
Following is my analysis of the behavior.
prepareDataElement() in proto/mpmod/rfc3412.py calls processIncomingMsg() in proto/secmod/rfc3414/service.py.
processIncomingMsg() pushes a cache to create a message to report later.
# 3.2.11 (moved up here to let Reports be authenticated & encrypted)
self._cache.pop(securityStateReference)
securityStateReference = self._cache.push(
msgUserName=securityParameters.getComponentByPosition(3),
usmUserSecurityName=usmUserSecurityName,
usmUserAuthProtocol=usmUserAuthProtocol,
usmUserAuthKeyLocalized=usmUserAuthKeyLocalized,
usmUserPrivProtocol=usmUserPrivProtocol,
usmUserPrivKeyLocalized=usmUserPrivKeyLocalized,
)
And then, the authenticationFailure exception raises because of the invalid password.
prepareDataElement() calls returnResponsePdu() in proto/rfc3412.py to report the error to the sender of the trap.
returnResponsePdu() calls prepareResponseMessage() in proto/mpmod/rfc3412.py.
prepareResponseMessage() is terminated at the following location without sending the message to report because the reportableFlag is 0.
# 7.1.3b
if (
pdu is None
and not reportableFlag
or pduType is not None
and pduType not in rfc3411.confirmedClassPDUs
):
raise error.StatusInformation(errorIndication=errind.loopTerminated)
So, nobody pops the securityStateReference chache, the cache will be accumulated and the memory of the trap receiver will be increased.
Detailed steps
Following is the detailed steps.
Run a trap receiver using pysnmp library.
Send the SNMPv3 trap message containing one of the followings to the receiver by the snmptrap command.
Invalid Engine ID.
Invalid security name.
Invalid password for authentication.
Invalid password for privacy.
Note:
The problem does not happen under the following conditions.
The trap message is received successfully.
The version of SNMP is v1 or v2c.
Executing the snmptrap command with the "-Ci" option or the snmpinfom command.
Sure, I can do that. Please wait a while for me to make the request.
By the way, I have found additional similar potential issues as follows. I would like to include the additional fixes in the request as well. Is that okay?
Expected behavior
I expect the cache will be popped as follows.
Actual behavior
My snmp trap receiver using pysnmp library received a SNMPv3 trap message having invalid password for authentication without the reportableFalg.
The cache for securityStateReference was not popped properly and the memory of the trap receiver was getting increased.
Following is my analysis of the behavior.
prepareDataElement() in proto/mpmod/rfc3412.py calls processIncomingMsg() in proto/secmod/rfc3414/service.py.
processIncomingMsg() pushes a cache to create a message to report later.
And then, the authenticationFailure exception raises because of the invalid password.
prepareDataElement() calls returnResponsePdu() in proto/rfc3412.py to report the error to the sender of the trap.
returnResponsePdu() calls prepareResponseMessage() in proto/mpmod/rfc3412.py.
prepareResponseMessage() is terminated at the following location without sending the message to report because the reportableFlag is 0.
So, nobody pops the securityStateReference chache, the cache will be accumulated and the memory of the trap receiver will be increased.
Detailed steps
Following is the detailed steps.
Invalid Engine ID.
Invalid security name.
Invalid password for authentication.
Invalid password for privacy.
Note:
The problem does not happen under the following conditions.
Python package information
pysnmp 6.2.4
Operating system information
Red Hat Enterprise Linux release 9.2
Python information
python 3.9
(Optional) Contents of your test script
Relevant log output
The text was updated successfully, but these errors were encountered: