Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#958036: nut-snmp: SNMPv3 with privacy method "AES" fails to communicate with UPS
117 views
Skip to first unread message
Wilfried Teiken
Apr 17, 2020, 12:50:03 PM4/17/20
to
Package: nut
Version: 2.7.4-8
Severity: normal
Tags: patch upstream
Dear Maintainer,
when configuring SNMP as v3 with privacy enabled and "privProtocol = AES" in
/etc/nut/ups.conf for the UPS then the communication with the UPS will fail.
The sympton is that on startup the driver will report:
- "Unknown mibs value: apcc" (with "mibs = apcc")
- "No supported device detected" (with "mibs = auto"
Communication with "privProtocol = DES" works if the SNMP endpoint is configured
accordingly, so this only affects the "AES" setting.
The underlying root cause is a length issue for the 'usmAESPrivProtocol'
oid value, causing the wrong privacy string being passed into the net-snmp
library caused by a #define that is leading to a sizeof() with a pointer
instead of the oid array.
See attached patch for a fix.
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 4.19.115-clearfog (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages nut depends on:
ii nut-client 2.7.4-8
ii nut-server 2.7.4-8
nut recommends no packages.
nut suggests no packages.
-- no debconf information
Version: 2.7.4-8
Severity: normal
Tags: patch upstream
Dear Maintainer,
when configuring SNMP as v3 with privacy enabled and "privProtocol = AES" in
/etc/nut/ups.conf for the UPS then the communication with the UPS will fail.
The sympton is that on startup the driver will report:
- "Unknown mibs value: apcc" (with "mibs = apcc")
- "No supported device detected" (with "mibs = auto"
Communication with "privProtocol = DES" works if the SNMP endpoint is configured
accordingly, so this only affects the "AES" setting.
The underlying root cause is a length issue for the 'usmAESPrivProtocol'
oid value, causing the wrong privacy string being passed into the net-snmp
library caused by a #define that is leading to a sizeof() with a pointer
instead of the oid array.
See attached patch for a fix.
-- System Information:
Debian Release: 10.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 4.19.115-clearfog (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages nut depends on:
ii nut-client 2.7.4-8
ii nut-server 2.7.4-8
nut recommends no packages.
nut suggests no packages.
-- no debconf information
Laurent Bigonville
Oct 21, 2022, 3:30:03 PM10/21/22
to
On Fri, 17 Apr 2020 12:32:15 -0400 Wilfried Teiken <wte...@teiken.org>
wrote:
>
> Dear Maintainer,
Hello Wilfried,
>
> when configuring SNMP as v3 with privacy enabled and "privProtocol =
AES" in
> /etc/nut/ups.conf for the UPS then the communication with the UPS
will fail.
>
> The sympton is that on startup the driver will report:
> - "Unknown mibs value: apcc" (with "mibs = apcc")
> - "No supported device detected" (with "mibs = auto"
>
> Communication with "privProtocol = DES" works if the SNMP endpoint is
configured
> accordingly, so this only affects the "AES" setting.
>
> The underlying root cause is a length issue for the 'usmAESPrivProtocol'
> oid value, causing the wrong privacy string being passed into the
net-snmp
> library caused by a #define that is leading to a sizeof() with a pointer
> instead of the oid array.
>
> See attached patch for a fix.
Could you please tell me if you are still experiencing this issue with
the version 2.8.0 that is currently in debian unstable?
I can see that the code to detect
usmAESPrivProtocol/usmAES128PrivProtocol availability has changed.
Also, in the build logs of version 2.7.14, I can see the compiler
complain about the size of these types, while this warning is not
present in version 2.8.0
I think that this is now fixed.
Could you please confirm?
Kind regards,
Laurent Bigonville
wrote:
>
> Dear Maintainer,
Hello Wilfried,
>
> when configuring SNMP as v3 with privacy enabled and "privProtocol =
AES" in
> /etc/nut/ups.conf for the UPS then the communication with the UPS
will fail.
>
> The sympton is that on startup the driver will report:
> - "Unknown mibs value: apcc" (with "mibs = apcc")
> - "No supported device detected" (with "mibs = auto"
>
> Communication with "privProtocol = DES" works if the SNMP endpoint is
configured
> accordingly, so this only affects the "AES" setting.
>
> The underlying root cause is a length issue for the 'usmAESPrivProtocol'
> oid value, causing the wrong privacy string being passed into the
net-snmp
> library caused by a #define that is leading to a sizeof() with a pointer
> instead of the oid array.
>
> See attached patch for a fix.
the version 2.8.0 that is currently in debian unstable?
I can see that the code to detect
usmAESPrivProtocol/usmAES128PrivProtocol availability has changed.
Also, in the build logs of version 2.7.14, I can see the compiler
complain about the size of these types, while this warning is not
present in version 2.8.0
I think that this is now fixed.
Could you please confirm?
Kind regards,
Laurent Bigonville
Wilfried Teiken
Oct 22, 2022, 2:40:03 PM10/22/22
to
Confirmed, version 2.8.0 from unstable properly connects to the UPS with AES. I see a bunch of new errors ("unhandled ASN 0x81 received”) but the ups connection seems working (I get the right output with upsc).
Thanks!
Thanks!
0 new messages