Blame SOURCES/libsmi-0.4.8-CVE-2010-2891.patch
f409f3 |
diff -up libsmi-0.4.8/lib/smi.c.CVE-2010-2891 libsmi-0.4.8/lib/smi.c
--- libsmi-0.4.8/lib/smi.c.CVE-2010-2891 2010-11-01 14:27:57.209065000 -0400
+++ libsmi-0.4.8/lib/smi.c 2010-11-01 14:29:17.615065001 -0400
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
}
if (isdigit((int)node2[0])) {
- for (oidlen = 0, p = strtok(node2, ". "); p;
+ for (oidlen = 0, p = strtok(node2, ". ");
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
oidlen++, p = strtok(NULL, ". ")) {
oid[oidlen] = strtoul(p, NULL, 0);
}
+ if (p) {
+ /* the numeric OID is too long */
+ return NULL;
+ }
nodePtr = getNode(oidlen, oid);
if (nodePtr) {
if (modulePtr) {
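Review bot: The early `return NULL;` in the added `if (p)` branch leaves smiGetNode without passing whatever cleanup follows this block; the loop tokenises `node2` in place with strtok(), which suggests it is a writable copy made earlier in the function, so if that copy is heap-allocated every over-long OID string would leak it. The start of the function and its exit path are outside the hunk, so this needs confirming against the full file. One way to keep the new bound and still reach the common exit is to drop the early return and write `nodePtr = p ? NULL : getNode(oidlen, oid);`, since the existing `if (nodePtr)` test already copes with a failed lookup. Separately, `strtoul(p, NULL, 0)` is stored into `oid[oidlen]` with no end-pointer or range check, so a malformed or oversized sub-identifier is accepted silently.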