Blame SOURCES/libsmi-0.4.8-CVE-2010-2891.patch
|
 |
44c64a |
diff -up libsmi-0.4.8/lib/smi.c.CVE-2010-2891 libsmi-0.4.8/lib/smi.c
|
|
|
44c64a |
--- libsmi-0.4.8/lib/smi.c.CVE-2010-2891 2010-11-01 14:27:57.209065000 -0400
|
|
|
44c64a |
+++ libsmi-0.4.8/lib/smi.c 2010-11-01 14:29:17.615065001 -0400
|
|
|
44c64a |
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
|
|
|
44c64a |
}
|
|
|
44c64a |
|
|
|
44c64a |
if (isdigit((int)node2[0])) {
|
|
|
44c64a |
- for (oidlen = 0, p = strtok(node2, ". "); p;
|
|
|
44c64a |
+ for (oidlen = 0, p = strtok(node2, ". ");
|
|
|
44c64a |
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
|
|
|
44c64a |
oidlen++, p = strtok(NULL, ". ")) {
|
|
|
44c64a |
oid[oidlen] = strtoul(p, NULL, 0);
|
|
|
44c64a |
}
|
|
|
44c64a |
+ if (p) {
|
|
|
44c64a |
+ /* the numeric OID is too long */
|
|
|
44c64a |
+ return NULL;
|
|
|
44c64a |
+ }
|
|
|
44c64a |
nodePtr = getNode(oidlen, oid);
|
|
|
44c64a |
if (nodePtr) {
|
|
|
44c64a |
if (modulePtr) {
|