It looks like there's a memory leak in parse.y when parsing "listen on
addr" lines. Specifically, the memory allocated in host_{v4,v6,dns}
is never freed.

I tested by lowering 'ulimit -d' to a level where unpatched snmpd ran
fine with a file with just "listen on 0.0.0.0" but died on a file with
a million lines of "listen on 0.0.0.0". With the patch below applied,
it ran with the same ulimit using either snmpd.conf.

Index: parse.y
================================================== =================
RCS file: /cvs/src/usr.sbin/snmpd/parse.y,v
retrieving revision 1.11
diff -p -u -r1.11 parse.y
--- parse.y 30 Jan 2008 10:12:45 -0000 1.11
+++ parse.y 23 Feb 2008 04:14:51 -0000
@@ -158,7 +158,7 @@ varset : STRING '=' STRING {

main : LISTEN ON STRING {
struct addresslist al;
- struct address *h;
+ struct address *h, *h2;

TAILQ_INIT(&al);
if (host($3, &al, 1, SNMPD_PORT, NULL, NULL) <= 0) {
@@ -170,6 +170,12 @@ main : LISTEN ON STRING {
h = TAILQ_FIRST(&al);
bcopy(&h->ss, &conf->sc_address.ss, sizeof(*h));
conf->sc_address.port = h->port;
+
+ do {
+ h2 = TAILQ_NEXT(h, entry);
+ free(h);
+ h = h2;
+ } while (h);
}
| READONLY COMMUNITY STRING {
if (strlcpy(conf->sc_rdcommunity, $3,