diff -up libsmi-0.4.8/lib/smi.c.CVE-2010-2891 libsmi-0.4.8/lib/smi.c
--- libsmi-0.4.8/lib/smi.c.CVE-2010-2891	2010-11-01 14:27:57.209065000 -0400
+++ libsmi-0.4.8/lib/smi.c	2010-11-01 14:29:17.615065001 -0400
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
     }
 
     if (isdigit((int)node2[0])) {
-	for (oidlen = 0, p = strtok(node2, ". "); p;
+	for (oidlen = 0, p = strtok(node2, ". ");
+	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
 	     oidlen++, p = strtok(NULL, ". ")) {
 	    oid[oidlen] = strtoul(p, NULL, 0);
 	}
+	if (p) {
+	    /* the numeric OID is too long */
+	    return NULL;
+	}
 	nodePtr = getNode(oidlen, oid);
 	if (nodePtr) {
 	    if (modulePtr) {