+++ /dev/null
-From 4c5633f1603e4bd03ed05c37d782ec8911759c47 Mon Sep 17 00:00:00 2001
-From: Robert Story <rstory@freesnmp.com>
-Date: Mon, 14 May 2012 11:40:06 -0400
-Subject: [PATCH] NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash
-
----
- agent/mibgroup/agent/extend.c | 6 +++++-
- 1 files changed, 5 insertions(+), 1 deletions(-)
-
-diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
-index d00475f..1f8586a 100644
---- a/agent/mibgroup/agent/extend.c
-+++ b/agent/mibgroup/agent/extend.c
-@@ -1126,7 +1126,7 @@ _extend_find_entry( netsnmp_request_info *request,
- * ...and check the line requested is valid
- */
- line_idx = *table_info->indexes->next_variable->val.integer;
-- if (eptr->numlines < line_idx)
-+ if (line_idx < 1 || line_idx > eptr->numlines)
- return NULL;
- }
- return eptr;
-@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler,
- * Determine which line we've been asked for....
- */
- line_idx = *table_info->indexes->next_variable->val.integer;
-+ if (line_idx < 1 || line_idx > extension->numlines) {
-+ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
-+ continue;
-+ }
- cp = extension->lines[line_idx-1];
-
- /*
---
-1.7.4.1
-
+++ /dev/null
-Fixes runtime error with uClibc (and possibly others).
-
-Original patch and bug description:
-http://sourceforge.net/tracker/?func=detail&aid=3436528&group_id=12694&atid=312694
-
---- net-snmp-5.7.1/agent/mibgroup/host/data_access/swinst_pkginfo.c
-+++ /home/fabled//net-snmp-5.7.1.patched/agent/mibgroup/host/data_access/swinst_pkginfo.c
-@@ -140,7 +140,8 @@
- memcpy( entry->swDate, cp, date_len );
- entry->swDate_len = date_len;
- }
-- closedir( d );
-+ if (d != NULL)
-+ closedir( d );
-
- DEBUGMSGTL(("swinst:load:arch"," loaded %d entries\n",
- (int)CONTAINER_SIZE(container)));
projects / buildroot.git / commitdiff