V3 Index out of range

[Setheck]

I'm seeing the following panic,

error: recover: runtime error: slice bounds out of range [:-9061804296214805629]

Stack:goroutine 48 [running]:
github.com/soniah/gosnmp.(*GoSNMP).send.func1(0xc00030f9b0)
    /Users/username/go/pkg/mod/github.com/soniah/gosnmp@v1.27.0/marshal.go:320 +0xa1
panic(0xa207c0, 0xc0004b1b00)
    /usr/local/Cellar/go/1.14.2_1/libexec/src/runtime/panic.go:969 +0x166
github.com/soniah/gosnmp.(*GoSNMP).decryptPacket(0xc0003527e0, 0xc0001c4120, 0x88, 0x8a, 0x50, 0xc000649340, 0x0, 0x0, 0x414157, 0x7f1e5af67068, ...)
    /Users/username/go/pkg/mod/github.com/soniah/gosnmp@v1.27.0/v3.go:437 +0xaa4
github.com/soniah/gosnmp.(*GoSNMP).sendOneRequest(0xc0003527e0, 0xc000649180, 0x1, 0x0, 0xe0, 0xa420c0)
    /Users/username/go/pkg/mod/github.com/soniah/gosnmp@v1.27.0/marshal.go:260 +0xc4b
github.com/soniah/gosnmp.(*GoSNMP).send(0xc0003527e0, 0xc000649180, 0xc000395101, 0x0, 0x0, 0x0)
    /Users/username/go/pkg/mod/github.com/soniah/gosnmp@v1.27.0/marshal.go:343 +0xef
github.com/soniah/gosnmp.(*GoSNMP).Get(0xc0003527e0, 0xc0004b4b70, 0x1, 0x1, 0x22, 0x80, 0x98b4e0)
    /Users/username/go/pkg/mod/github.com/soniah/gosnmp@v1.27.0/gosnmp.go:365 +0x154

line v3.go 437 is

packet = packet[:cursor+tlength]

which makes it seem like the parseLength(packet[cursor:]) calculation is incorrect?

[soniah]

Please see my comment in README:

11 July 2020 - I'm planning on archiving gosnmp, as maintaining it is having too much of an effect on my work and personal life. I started the fork in March 2013 and I've been working on it ever since.

At the moment I'm keeping it open so it can act as a central clearing house for issues and discussions around who is going to fork and maintain gosnmp.

[SuperQ]

I'm posting to all open issues that we now have a community maintainer effort going. If this issue is still valid, please post an update.

[Setheck]

This happened today... Seems like it's the same issue.

2021/08/11 16:08:40 recover: runtime error: index out of range [56] with length 56 Stack:goroutine 1376 [running]:
github.com/gosnmp/gosnmp.(*GoSNMP).send.func1(0xc00049d678)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/marshal.go:410 +0xa5
panic(0xc6ab20, 0xc0002919e0)
	/opt/hostedtoolcache/go/1.16.6/x64/src/runtime/panic.go:965 +0x1b9
github.com/gosnmp/gosnmp.parseLength(...)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/helper.go:580
github.com/gosnmp/gosnmp.(*GoSNMP).decryptPacket(0xc000683540, 0xc000271440, 0x8b, 0x8b, 0x51, 0xc0006a2fc0, 0x0, 0x0, 0x8, 0x0, ...)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/v3.go:442 +0xa1b
github.com/gosnmp/gosnmp.(*GoSNMP).sendOneRequest(0xc000683540, 0xc0006a2e00, 0x1, 0x0, 0xc9cd20, 0xc00068cf01)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/marshal.go:313 +0x94c
github.com/gosnmp/gosnmp.(*GoSNMP).send(0xc000683540, 0xc0006a2e00, 0xc0006a1301, 0x0, 0x0, 0x0)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/marshal.go:433 +0xf5
github.com/gosnmp/gosnmp.(*GoSNMP).Set(0xc000683540, 0xc0006a13b0, 0x1, 0x1, 0x0, 0xc000541d10, 0x22)
	/home/runner/go/pkg/mod/github.com/gosnmp/gosnmp@v1.32.0/gosnmp.go:413 +0xa6

[Setheck]

Also something interesting... it appears that if i just simply retry it mitigates the issue
Here is the calling code

func (client *GOSNMPClient) SetInt(oid string, value int) error {
	if err := client.Connect(); err != nil {
		return err
	}
	defer client.Conn.Close()

	p := []gosnmp.SnmpPDU{
		{
			Name:  oid,
			Type:  gosnmp.Integer,
			Value: value,
		},
	}

	_, err := client.Set(p)
	return err
}

So the issue seems to stem from the packet being created by mkSnmpPacket() - gosnmp.go line 364
Being created with an invalid length, or the parseLength() function incorrectly parsing a byte slice of length 56

Just for clarity, the GOSNMPClient simply wraps *gosnmp.GoSNMP that is created with

&gosnmp.GoSNMP{
	Target:        ipAddress,
	Port:          161,
	Version:       gosnmp.Version3,
	Timeout:       time.Duration(requestTimeout) * time.Second,
	Retries:       3,
	SecurityModel: gosnmp.UserSecurityModel,
	MsgFlags:      gosnmp.AuthPriv,
	SecurityParameters: &gosnmp.UsmSecurityParameters{
		UserName:                 creds.Username,
		AuthenticationProtocol:   gosnmp.SHA,
		AuthenticationPassphrase: creds.Passphrase,
		PrivacyProtocol:          gosnmp.AES,
		PrivacyPassphrase:        creds.PrivacyKey,
	},
},

[rahul-vunet]

I am facing the same issue. Any workaround for this issue?

[Setheck]

I am facing the same issue. Any workaround for this issue?

I was unable to find a real workaround. Although I did add a simple retry in my app and that mitigated the issue. I found that this never seems to occur twice in a row.

[TomSellers]

Note that this may be fixed by PR #443. There were two issues there that might be related:

• UsmSecurityParameters.decryptPacket() was trying to decrypt by default, even when sp.PrivacyProtocol was NoPriv and so sp.PrivacyKey was an empty slice.
• A integer overflow bug in parseLength could result in length being less than cursor. That being said, in the panic in the original comment tlength was negative which I think has been fixed already.