Description: snmpd: Stop reading and writing the mib_indexes/* files
 Caching directory contents is something the operating system should do
 and is not something Net-SNMP should do. Instead of storing a copy of
 the directory contents in ${tmp_dir}/mib_indexes/${n}, always scan a
 MIB directory.
 Fixes: CVE-2020-15861
Author: Bart Van Assche <bvanassche@acm.org>
Origin: upstream
Bug-Debian: https://bugs.debian.org/966599
Applied-Upstream: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2020-07-31
--- a/.gitignore
+++ b/.gitignore
@@ -74,7 +74,6 @@
 man/*.[1358]
 man/default_store.3.h
 man/manaliases
-mibs/.index
 mk/
 module_tmp_header.h
 net-snmp-5*
--- a/include/net-snmp/library/mib.h
+++ b/include/net-snmp/library/mib.h
@@ -124,9 +124,6 @@
     NETSNMP_IMPORT
     char            *netsnmp_get_mib_directory(void);
     void            netsnmp_fixup_mib_directory(void);
-    void            netsnmp_mibindex_load( void );
-    char *          netsnmp_mibindex_lookup( const char * );
-    FILE *          netsnmp_mibindex_new( const char * );
     int             sprint_realloc_description(u_char ** buf, size_t * buf_len,
                                 size_t * out_len, int allow_realloc,
                                 oid * objid, size_t objidlen, int width);
--- a/include/net-snmp/library/parse.h
+++ b/include/net-snmp/library/parse.h
@@ -201,7 +201,7 @@
 #endif
     void            netsnmp_init_mib_internals(void);
     void            unload_all_mibs(void);
-    int             add_mibfile(const char*, const char*, FILE *);
+    int             add_mibfile(const char*, const char*);
     int             which_module(const char *);
     NETSNMP_IMPORT
     char           *module_name(int, char *);
--- a/snmplib/parse.c
+++ b/snmplib/parse.c
@@ -607,8 +607,6 @@
 static int     read_import_replacements(const char *,
                                          struct module_import *);
 
-static void     new_module(const char *, const char *);
-
 static struct node *merge_parse_objectid(struct node *, FILE *, char *);
 static struct index_list *getIndexes(FILE * fp, struct index_list **);
 static struct varbind_list *getVarbinds(FILE * fp, struct varbind_list **);
@@ -4842,7 +4840,7 @@
 #endif /* NETSNMP_FEATURE_REMOVE_PARSE_GET_TOKEN */
 
 int
-add_mibfile(const char* tmpstr, const char* d_name, FILE *ip )
+add_mibfile(const char* tmpstr, const char* d_name)
 {
     FILE           *fp;
     char            token[MAXTOKEN], token2[MAXTOKEN];
@@ -4867,8 +4865,6 @@
      */
     if (get_token(fp, token2, MAXTOKEN) == DEFINITIONS) {
         new_module(token, tmpstr);
-        if (ip)
-            fprintf(ip, "%s %s\n", token, d_name);
         fclose(fp);
         return 0;
     } else {
@@ -4886,62 +4882,16 @@
 int
 add_mibdir(const char *dirname)
 {
-    FILE           *ip;
     DIR            *dir, *dir2;
     const char     *oldFile = File;
     struct dirent  *file;
     char            tmpstr[300];
     int             count = 0;
     int             fname_len = 0;
-#if !(defined(WIN32) || defined(cygwin))
-    char           *token;
-    char space;
-    char newline;
-    struct stat     dir_stat, idx_stat;
-    char            tmpstr1[300];
-#endif
 
     DEBUGMSGTL(("parse-mibs", "Scanning directory %s\n", dirname));
-#if !(defined(WIN32) || defined(cygwin))
-    token = netsnmp_mibindex_lookup( dirname );
-    if (token && stat(token, &idx_stat) == 0 && stat(dirname, &dir_stat) == 0) {
-        if (dir_stat.st_mtime < idx_stat.st_mtime) {
-            DEBUGMSGTL(("parse-mibs", "The index is good\n"));
-            if ((ip = fopen(token, "r")) != NULL) {
-                fgets(tmpstr, sizeof(tmpstr), ip); /* Skip dir line */
-                while (fscanf(ip, "%127s%c%299s%c", token, &space, tmpstr,
-		    &newline) == 4) {
-
-		    /*
-		     * If an overflow of the token or tmpstr buffers has been
-		     * found log a message and break out of the while loop,
-		     * thus the rest of the file tokens will be ignored.
-		     */
-		    if (space != ' ' || newline != '\n') {
-			snmp_log(LOG_ERR,
-			    "add_mibdir: strings scanned in from %s/%s " \
-			    "are too large.  count = %d\n ", dirname,
-			    ".index", count);
-			    break;
-		    }
-		   
-		    snprintf(tmpstr1, sizeof(tmpstr1), "%s/%s", dirname, tmpstr);
-                    tmpstr1[ sizeof(tmpstr1)-1 ] = 0;
-                    new_module(token, tmpstr1);
-                    count++;
-                }
-                fclose(ip);
-                return count;
-            } else
-                DEBUGMSGTL(("parse-mibs", "Can't read index\n"));
-        } else
-            DEBUGMSGTL(("parse-mibs", "Index outdated\n"));
-    } else
-        DEBUGMSGTL(("parse-mibs", "No index\n"));
-#endif
 
     if ((dir = opendir(dirname))) {
-        ip = netsnmp_mibindex_new( dirname );
         while ((file = readdir(dir))) {
             /*
              * Only parse file names that don't begin with a '.' 
@@ -4962,7 +4912,7 @@
                      */
                     closedir(dir2);
                 } else {
-                    if ( !add_mibfile( tmpstr, file->d_name, ip ))
+                    if ( !add_mibfile( tmpstr, file->d_name))
                         count++;
                 }
               }
@@ -4970,8 +4920,6 @@
         }
         File = oldFile;
         closedir(dir);
-        if (ip)
-            fclose(ip);
         return (count);
     }
     else
--- a/snmplib/mib.c
+++ b/snmplib/mib.c
@@ -2598,7 +2598,6 @@
      */
     netsnmp_fixup_mib_directory();
     env_var = strdup(netsnmp_get_mib_directory());
-    netsnmp_mibindex_load();
 
     DEBUGMSGTL(("init_mib",
                 "Seen MIBDIRS: Looking in '%s' for mib dirs ...\n",
@@ -2618,7 +2617,7 @@
         else
             entry = strtok_r(env_var, ENV_SEPARATOR, &st);
         while (entry) {
-            add_mibfile(entry, NULL, NULL);
+            add_mibfile(entry, NULL);
             entry = strtok_r(NULL, ENV_SEPARATOR, &st);
         }
     }
@@ -2768,140 +2767,6 @@
 }
 #endif
 
-
-/*
- * Handle MIB indexes centrally
- */
-static int _mibindex     = 0;   /* Last index in use */
-static int _mibindex_max = 0;   /* Size of index array */
-char     **_mibindexes   = NULL;
-
-int _mibindex_add( const char *dirname, int i );
-void
-netsnmp_mibindex_load( void )
-{
-    DIR *dir;
-    struct dirent *file;
-    FILE *fp;
-    char tmpbuf[ 300];
-    char tmpbuf2[300];
-    int  i;
-    char *cp;
-
-    /*
-     * Open the MIB index directory, or create it (empty)
-     */
-    snprintf( tmpbuf, sizeof(tmpbuf), "%s/mib_indexes",
-              get_persistent_directory());
-    tmpbuf[sizeof(tmpbuf)-1] = 0;
-    dir = opendir( tmpbuf );
-    if ( dir == NULL ) {
-        DEBUGMSGTL(("mibindex", "load: (new)\n"));
-        mkdirhier( tmpbuf, NETSNMP_AGENT_DIRECTORY_MODE, 0);
-        return;
-    }
-
-    /*
-     * Create a list of which directory each file refers to
-     */
-    while ((file = readdir( dir ))) {
-        if ( !isdigit((unsigned char)(file->d_name[0])))
-            continue;
-        i = atoi( file->d_name );
-
-        snprintf( tmpbuf, sizeof(tmpbuf), "%s/mib_indexes/%d",
-              get_persistent_directory(), i );
-        tmpbuf[sizeof(tmpbuf)-1] = 0;
-        fp = fopen( tmpbuf, "r" );
-        if (!fp)
-            continue;
-        cp = fgets( tmpbuf2, sizeof(tmpbuf2), fp );
-        if ( !cp ) {
-            DEBUGMSGTL(("mibindex", "Empty MIB index (%d)\n", i));
-            fclose(fp);
-            continue;
-        }
-        tmpbuf2[strlen(tmpbuf2)-1] = 0;
-        DEBUGMSGTL(("mibindex", "load: (%d) %s\n", i, tmpbuf2));
-        (void)_mibindex_add( tmpbuf2+4, i );  /* Skip 'DIR ' */
-        fclose( fp );
-    }
-    closedir( dir );
-}
-
-char *
-netsnmp_mibindex_lookup( const char *dirname )
-{
-    int i;
-    static char tmpbuf[300];
-
-    for (i=0; i<_mibindex; i++) {
-        if ( _mibindexes[i] &&
-             strcmp( _mibindexes[i], dirname ) == 0) {
-             snprintf(tmpbuf, sizeof(tmpbuf), "%s/mib_indexes/%d",
-                      get_persistent_directory(), i);
-             tmpbuf[sizeof(tmpbuf)-1] = 0;
-             DEBUGMSGTL(("mibindex", "lookup: %s (%d) %s\n", dirname, i, tmpbuf ));
-             return tmpbuf;
-        }
-    }
-    DEBUGMSGTL(("mibindex", "lookup: (none)\n"));
-    return NULL;
-}
-
-int
-_mibindex_add( const char *dirname, int i )
-{
-    const int old_mibindex_max = _mibindex_max;
-
-    DEBUGMSGTL(("mibindex", "add: %s (%d)\n", dirname, i ));
-    if ( i == -1 )
-        i = _mibindex++;
-    if ( i >= _mibindex_max ) {
-        /*
-         * If the index array is full (or non-existent)
-         *   then expand (or create) it
-         */
-        _mibindex_max = i + 10;
-        _mibindexes = realloc(_mibindexes,
-                              _mibindex_max * sizeof(_mibindexes[0]));
-        netsnmp_assert(_mibindexes);
-        memset(_mibindexes + old_mibindex_max, 0,
-               (_mibindex_max - old_mibindex_max) * sizeof(_mibindexes[0]));
-    }
-
-    _mibindexes[ i ] = strdup( dirname );
-    if ( i >= _mibindex )
-        _mibindex = i+1;
-
-    DEBUGMSGTL(("mibindex", "add: %d/%d/%d\n", i, _mibindex, _mibindex_max ));
-    return i;
-}
-    
-FILE *
-netsnmp_mibindex_new( const char *dirname )
-{
-    FILE *fp;
-    char  tmpbuf[300];
-    char *cp;
-    int   i;
-
-    cp = netsnmp_mibindex_lookup( dirname );
-    if (!cp) {
-        i  = _mibindex_add( dirname, -1 );
-        snprintf( tmpbuf, sizeof(tmpbuf), "%s/mib_indexes/%d",
-                  get_persistent_directory(), i );
-        tmpbuf[sizeof(tmpbuf)-1] = 0;
-        cp = tmpbuf;
-    }
-    DEBUGMSGTL(("mibindex", "new: %s (%s)\n", dirname, cp ));
-    fp = fopen( cp, "w" );
-    if (fp)
-        fprintf( fp, "DIR %s\n", dirname );
-    return fp;
-}
-
-
 /**
  * Unloads all mibs.
  */
@@ -2916,15 +2781,6 @@
     }
     tree_head = NULL;
     Mib = NULL;
-    if (_mibindexes) {
-        int i;
-        for (i = 0; i < _mibindex; ++i)
-            SNMP_FREE(_mibindexes[i]);
-        free(_mibindexes);
-        _mibindex = 0;
-        _mibindex_max = 0;
-        _mibindexes = NULL;
-    }
     if (Prefix != NULL && Prefix != &Standard_Prefix[0])
         SNMP_FREE(Prefix);
     if (Prefix)
