Accepting request 52799 from home:nadvornik:branches:network:utilities
Reviewed ok - Thanks OBS-URL: https://build.opensuse.org/request/show/52799 OBS-URL: https://build.opensuse.org/package/show/network:utilities/libsmi?expand=0&rev=6
This commit is contained in:
parent
52558ccda0
commit
6b8a30762b
21
libsmi-CVE-2010-2891.patch
Normal file
21
libsmi-CVE-2010-2891.patch
Normal file
|
@ -0,0 +1,21 @@
|
|||
Index: lib/smi.c
|
||||
===================================================================
|
||||
--- lib/smi.c (revision 29144)
|
||||
+++ lib/smi.c (working copy)
|
||||
@@ -1793,10 +1793,15 @@
|
||||
}
|
||||
|
||||
if (isdigit((int)node2[0])) {
|
||||
- for (oidlen = 0, p = strtok(node2, ". "); p;
|
||||
+ for (oidlen = 0, p = strtok(node2, ". ");
|
||||
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
|
||||
oidlen++, p = strtok(NULL, ". ")) {
|
||||
oid[oidlen] = strtoul(p, NULL, 0);
|
||||
}
|
||||
+ if (p) {
|
||||
+ /* the numeric OID is too long */
|
||||
+ return NULL;
|
||||
+ }
|
||||
nodePtr = getNode(oidlen, oid);
|
||||
if (nodePtr) {
|
||||
if (modulePtr) {
|
|
@ -1,3 +1,8 @@
|
|||
-------------------------------------------------------------------
|
||||
Thu Nov 11 10:38:11 UTC 2010 - nadvornik@novell.com
|
||||
|
||||
- fixed buffer overflow CVE-2010-2891 (bnc#649867)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 29 14:26:21 CEST 2010 - boris@steki.net
|
||||
|
||||
|
|
|
@ -29,6 +29,7 @@ Summary: A Library to Access SMI MIB Information
|
|||
Source: %{name}-%{version}.tar.gz
|
||||
Patch0: libsmi-0.4.8-parser.patch
|
||||
Patch1: libsmi-0.4.8-gnu-source.patch
|
||||
Patch2: libsmi-CVE-2010-2891.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
BuildRequires: bison flex
|
||||
|
@ -95,6 +96,7 @@ Authors:
|
|||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2
|
||||
|
||||
%build
|
||||
autoreconf --force --install
|
||||
|
|
Loading…
Reference in New Issue
Block a user