From a54f448a417f6e140d6bcc90cda17c741cabb624 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Tue, 6 Aug 2024 02:47:34 +0000 Subject: automatic import of libsmi --- libsmi-0.4.8-CVE-2010-2891.patch | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 libsmi-0.4.8-CVE-2010-2891.patch (limited to 'libsmi-0.4.8-CVE-2010-2891.patch') diff --git a/libsmi-0.4.8-CVE-2010-2891.patch b/libsmi-0.4.8-CVE-2010-2891.patch new file mode 100644 index 0000000..f27f23c --- /dev/null +++ b/libsmi-0.4.8-CVE-2010-2891.patch @@ -0,0 +1,20 @@ +diff -up libsmi-0.4.8/lib/smi.c.CVE-2010-2891 libsmi-0.4.8/lib/smi.c +--- libsmi-0.4.8/lib/smi.c.CVE-2010-2891 2010-11-01 14:27:57.209065000 -0400 ++++ libsmi-0.4.8/lib/smi.c 2010-11-01 14:29:17.615065001 -0400 +@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule + } + + if (isdigit((int)node2[0])) { +- for (oidlen = 0, p = strtok(node2, ". "); p; ++ for (oidlen = 0, p = strtok(node2, ". "); ++ p && oidlen < sizeof(oid)/sizeof(oid[0]); + oidlen++, p = strtok(NULL, ". ")) { + oid[oidlen] = strtoul(p, NULL, 0); + } ++ if (p) { ++ /* the numeric OID is too long */ ++ return NULL; ++ } + nodePtr = getNode(oidlen, oid); + if (nodePtr) { + if (modulePtr) { -- cgit v1.2.3