Diffstat (limited to 'libsmi-0.4.8-CVE-2010-2891.patch')
-rw-r--r-- | libsmi-0.4.8-CVE-2010-2891.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/libsmi-0.4.8-CVE-2010-2891.patch b/libsmi-0.4.8-CVE-2010-2891.patch
new file mode 100644
index 0000000..f27f23c
--- /dev/null
+++ b/libsmi-0.4.8-CVE-2010-2891.patch
@@ -0,0 +1,20 @@
+diff -up libsmi-0.4.8/lib/smi.c.CVE-2010-2891 libsmi-0.4.8/lib/smi.c
+--- libsmi-0.4.8/lib/smi.c.CVE-2010-2891 2010-11-01 14:27:57.209065000 -0400
++++ libsmi-0.4.8/lib/smi.c 2010-11-01 14:29:17.615065001 -0400
+@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
+ }
+
+ if (isdigit((int)node2[0])) {
+- for (oidlen = 0, p = strtok(node2, ". "); p;
++ for (oidlen = 0, p = strtok(node2, ". ");
++ p && oidlen < sizeof(oid)/sizeof(oid[0]);
+ oidlen++, p = strtok(NULL, ". ")) {
+ oid[oidlen] = strtoul(p, NULL, 0);
+ }
++ if (p) {
++ /* the numeric OID is too long */
++ return NULL;
++ }
+ nodePtr = getNode(oidlen, oid);
+ if (nodePtr) {
+ if (modulePtr) { |
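Review bot: The added `return NULL;` in the `if (p)` branch exits smiGetNode directly, so whatever cleanup the function does on its normal exit path is skipped for over-long OIDs. The body of smiGetNode starts and ends outside this hunk, so this needs confirming, but `node2` is tokenised in place by `strtok` and looks like a working copy made earlier in the function; if it is heap-allocated, each rejected OID would leak it, and repeated malformed input would grow memory. Falling through instead of returning avoids that, for example by replacing the `if (p)` block and the call below it with `nodePtr = p ? NULL : getNode(oidlen, oid); /* NULL: numeric OID is too long */`, provided the code after the `if (nodePtr)` block copes with a NULL node. Separately, the result of `strtoul(p, NULL, 0)` is stored in `oid[oidlen]` unchecked, so a non-numeric or out-of-range sub-identifier is accepted silently as 0 or a clamped value.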