Fix GH-17330: SNMP::setSecurity segfaults when object had been closed.

devnexen · devnexen · commit 66e090a25d0b · 2025-01-03T11:44:09.000Z
having new macro when the workflow needs to deal with an existing SNMP session.
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
@@ -87,6 +87,13 @@ typedef struct snmp_session php_snmp_session;
 	} \
 }
 
+#define PHP_SNMP_FETCH_OBJECT 								\
+	snmp_object = Z_SNMP_P(object);							\
+	if (!snmp_object->session) {							\
+		zend_throw_error(NULL, "Invalid or uninitialized SNMP object"); 	\
+		RETURN_THROWS();							\
+	}
+
 ZEND_DECLARE_MODULE_GLOBALS(snmp)
 static PHP_GINIT_FUNCTION(snmp);
 
@@ -1612,6 +1619,8 @@ PHP_METHOD(SNMP, close)
 	php_snmp_object *snmp_object;
 	zval *object = ZEND_THIS;
 
+	// Possibly using fetching object to avoid closing pointlessly,
+	// albeit netsnmp_session_free already checks the session (master?) ?
 	snmp_object = Z_SNMP_P(object);
 
 	if (zend_parse_parameters_none() == FAILURE) {
@@ -1659,7 +1668,7 @@ PHP_METHOD(SNMP, setSecurity)
 	zval *object = ZEND_THIS;
 	zend_string *a1 = NULL, *a2 = NULL, *a3 = NULL, *a4 = NULL, *a5 = NULL, *a6 = NULL, *a7 = NULL;
 
-	snmp_object = Z_SNMP_P(object);
+	PHP_SNMP_FETCH_OBJECT
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "S|SSSSSS", &a1, &a2, &a3, &a4,&a5, &a6, &a7) == FAILURE) {
 		RETURN_THROWS();
diff --git a/ext/snmp/tests/gh17330.phpt b/ext/snmp/tests/gh17330.phpt
@@ -0,0 +1,18 @@
+--TEST--
+SNMP::setSecurity() segfault when the object had been closed.
+--EXTENSIONS--
+snmp
+--CREDITS--
+YuanchengJiang 
+--FILE--
+<?php
+$session = new SNMP(SNMP::VERSION_2c, "localhost", 'timeout_community_432');
+$session->close();
+try {
+	$session->setSecurity('authPriv', 'MD5', '', 'AES', '');
+} catch(Error $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECT--
+Invalid or uninitialized SNMP object
