Accepting request 52949 from network:utilities

Accepted submit request 52949 from user mrdocs

OBS-URL: https://build.opensuse.org/request/show/52949
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsmi?expand=0&rev=9
This commit is contained in:
Ruediger Oertel 2010-11-15 14:57:25 +00:00 committed by Git OBS Bridge
commit 41b7fcd010
3 changed files with 28 additions and 0 deletions

View File

@ -0,0 +1,21 @@
Index: lib/smi.c
===================================================================
--- lib/smi.c (revision 29144)
+++ lib/smi.c (working copy)
@@ -1793,10 +1793,15 @@
}
if (isdigit((int)node2[0])) {
- for (oidlen = 0, p = strtok(node2, ". "); p;
+ for (oidlen = 0, p = strtok(node2, ". ");
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
oidlen++, p = strtok(NULL, ". ")) {
oid[oidlen] = strtoul(p, NULL, 0);
}
+ if (p) {
+ /* the numeric OID is too long */
+ return NULL;
+ }
nodePtr = getNode(oidlen, oid);
if (nodePtr) {
if (modulePtr) {

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Nov 11 10:38:11 UTC 2010 - nadvornik@novell.com
- fixed buffer overflow CVE-2010-2891 (bnc#649867)
-------------------------------------------------------------------
Mon Mar 29 14:26:21 CEST 2010 - boris@steki.net

View File

@ -29,6 +29,7 @@ Summary: A Library to Access SMI MIB Information
Source: %{name}-%{version}.tar.gz
Patch0: libsmi-0.4.8-parser.patch
Patch1: libsmi-0.4.8-gnu-source.patch
Patch2: libsmi-CVE-2010-2891.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex
@ -95,6 +96,7 @@ Authors:
%setup -q
%patch0 -p1
%patch1 -p1
%patch2
%build
autoreconf --force --install