From 651723a3069d088845bc6a119def12c8b99be8d4 Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Dec 03 2020 08:13:59 +0000
Subject: Apply patch net-snmp-5.8-sec-memory-leak.patch


patch_name: net-snmp-5.8-sec-memory-leak.patch
present_in_specfile: true

---

diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 100c4d0..25350e6 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -1605,12 +1605,6 @@ free_agent_snmp_session(netsnmp_agent_session *asp)
     DEBUGMSGTL(("verbose:asp", "asp %p reqinfo %p freed\n",
                 asp, asp->reqinfo));
 
-    /* Clean up securityStateRef here to prevent a double free */
-    if (asp->orig_pdu && asp->orig_pdu->securityStateRef)
-	snmp_free_securityStateRef(asp->orig_pdu);
-    if (asp->pdu && asp->pdu->securityStateRef)
-	snmp_free_securityStateRef(asp->pdu);
-
     if (asp->orig_pdu)
         snmp_free_pdu(asp->orig_pdu);
     if (asp->pdu)
diff --git a/include/net-snmp/pdu_api.h b/include/net-snmp/pdu_api.h
index 270aff0..125595d 100644
--- a/include/net-snmp/pdu_api.h
+++ b/include/net-snmp/pdu_api.h
@@ -19,8 +19,6 @@ NETSNMP_IMPORT
 netsnmp_pdu    *snmp_fix_pdu(  netsnmp_pdu *pdu, int idx);
 NETSNMP_IMPORT
 void            snmp_free_pdu( netsnmp_pdu *pdu);
-NETSNMP_IMPORT
-void            snmp_free_securityStateRef( netsnmp_pdu *pdu);
 
 #ifdef __cplusplus
 }
diff --git a/snmplib/snmp_api.c b/snmplib/snmp_api.c
index cbbe280..fa730fd 100644
--- a/snmplib/snmp_api.c
+++ b/snmplib/snmp_api.c
@@ -4034,17 +4034,6 @@ free_securityStateRef(netsnmp_pdu* pdu)
     pdu->securityStateRef = NULL;
 }
 
-/*
- * This function is here to provide a separate call to
- * free the securityStateRef memory. This is needed to prevent
- * a double free if this memory is freed in snmp_free_pdu.
- */
-void
-snmp_free_securityStateRef(netsnmp_pdu* pdu)
-{
-   free_securityStateRef(pdu);
-}
-
 #define ERROR_STAT_LENGTH 11
 
 int
@@ -5473,6 +5462,8 @@ snmp_free_pdu(netsnmp_pdu *pdu)
     if (!pdu)
         return;
 
+    free_securityStateRef(pdu);
+
     /*
      * If the command field is empty, that probably indicates
      *   that this PDU structure has already been freed.
@@ -5647,12 +5638,6 @@ _sess_process_packet_parse_pdu(void *sessp, netsnmp_session * sp,
   }
 
   if (ret != SNMP_ERR_NOERROR) {
-    /*
-     * Call the security model to free any securityStateRef supplied w/ msg.  
-     */
-    if (pdu->securityStateRef != NULL) {
-      free_securityStateRef(pdu);
-    }
     snmp_free_pdu(pdu);
     return NULL;
   }
@@ -5826,12 +5811,6 @@ _sess_process_packet_handle_pdu(void *sessp, netsnmp_session * sp,
     }
   }
 
-  /*
-   * Call USM to free any securityStateRef supplied with the message.  
-   */
-  if (pdu->securityStateRef && pdu->command == SNMP_MSG_TRAP2)
-    free_securityStateRef(pdu);
-
   if (!handled) {
     if (sp->flags & SNMP_FLAGS_SHARED_SOCKET)
       return -2;