Accepting request 52799 from home:nadvornik:branches:network:utilities

Reviewed ok - Thanks OBS-URL: https://build.opensuse.org/request/show/52799 OBS-URL: https://build.opensuse.org/package/show/network:utilities/libsmi?expand=0&rev=6
2010-11-12 18:12:31 +00:00 · 2010-11-12 18:12:31 +00:00 · 6b8a30762b
commit 6b8a30762b
parent 52558ccda0
3 changed files with 28 additions and 0 deletions
--- a/libsmi-CVE-2010-2891.patch
+++ b/libsmi-CVE-2010-2891.patch
@ -0,0 +1,21 @@
+Index: lib/smi.c
+===================================================================
+--- lib/smi.c	(revision 29144)
+++ lib/smi.c	(working copy)
+@@ -1793,10 +1793,15 @@
+     }
+ 
+     if (isdigit((int)node2[0])) {
+-	for (oidlen = 0, p = strtok(node2, ". "); p;
+	for (oidlen = 0, p = strtok(node2, ". ");
+	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
+ 	     oidlen++, p = strtok(NULL, ". ")) {
+ 	    oid[oidlen] = strtoul(p, NULL, 0);
+ 	}
+	if (p) {
+	    /* the numeric OID is too long */
+	    return NULL;
+	}
+ 	nodePtr = getNode(oidlen, oid);
+ 	if (nodePtr) {
+ 	    if (modulePtr) {
--- a/libsmi.changes
+++ b/libsmi.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Nov 11 10:38:11 UTC 2010 - nadvornik@novell.com
+
+- fixed buffer overflow CVE-2010-2891 (bnc#649867)
+
 -------------------------------------------------------------------
 Mon Mar 29 14:26:21 CEST 2010 - boris@steki.net

--- a/libsmi.spec
+++ b/libsmi.spec
@ -29,6 +29,7 @@ Summary:        A Library to Access SMI MIB Information
 Source:         %{name}-%{version}.tar.gz
 Patch0:         libsmi-0.4.8-parser.patch
 Patch1:         libsmi-0.4.8-gnu-source.patch
+Patch2:         libsmi-CVE-2010-2891.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 BuildRequires:  bison flex
@ -95,6 +96,7 @@ Authors:
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2

 %build
 autoreconf --force --install