summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch')
-rw-r--r--net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch192
1 files changed, 192 insertions, 0 deletions
diff --git a/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch b/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch
new file mode 100644
index 000000000000..125ccf22b6c7
--- /dev/null
+++ b/net-analyzer/net-snmp/files/net-snmp-5.4.1-CVE-2008-2292.patch
@@ -0,0 +1,192 @@
+r16770 | dts12 | 2007-12-22 22:22:44 +0300 (Сбт, 22 Дек 2007) | 2 lines
+
+CHANGES: perl: BUG: 1826174: Check for buffer overflow when printing values.
+
+CHANGES: python: BUG: 1826174: Check for buffer overflow when printing values.
+Addresses CVE-2008-2292
+
+--- perl/SNMP/SNMP.xs (revision 16769)
++++ perl/SNMP/SNMP.xs (revision 16770)
+@@ -470,14 +470,16 @@
+ if (flag == USE_ENUMS) {
+ for(ep = tp->enums; ep; ep = ep->next) {
+ if (ep->value == *var->val.integer) {
+- strcpy(buf, ep->label);
++ strncpy(buf, ep->label, buf_len);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
+ }
+ }
+ }
+ if (!len) {
+- sprintf(buf,"%ld", *var->val.integer);
++ snprintf(buf, buf_len, "%ld", *var->val.integer);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ }
+ break;
+@@ -486,21 +488,25 @@
+ case ASN_COUNTER:
+ case ASN_TIMETICKS:
+ case ASN_UINTEGER:
+- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
+
+ case ASN_OCTET_STR:
+ case ASN_OPAQUE:
+- memcpy(buf, (char*)var->val.string, var->val_len);
+ len = var->val_len;
++ if ( len > buf_len )
++ len = buf_len;
++ memcpy(buf, (char*)var->val.string, len);
+ break;
+
+ case ASN_IPADDRESS:
+- ip = (u_char*)var->val.string;
+- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+- len = strlen(buf);
+- break;
++ ip = (u_char*)var->val.string;
++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++ buf[buf_len-1] = '\0';
++ len = strlen(buf);
++ break;
+
+ case ASN_NULL:
+ break;
+@@ -512,14 +518,14 @@
+ break;
+
+ case SNMP_ENDOFMIBVIEW:
+- sprintf(buf,"%s", "ENDOFMIBVIEW");
+- break;
++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
++ break;
+ case SNMP_NOSUCHOBJECT:
+- sprintf(buf,"%s", "NOSUCHOBJECT");
+- break;
++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
++ break;
+ case SNMP_NOSUCHINSTANCE:
+- sprintf(buf,"%s", "NOSUCHINSTANCE");
+- break;
++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
++ break;
+
+ case ASN_COUNTER64:
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+@@ -538,19 +544,19 @@
+ #endif
+
+ case ASN_BIT_STR:
+- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+ len = strlen(buf);
+ break;
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ case ASN_OPAQUE_FLOAT:
+- if (var->val.floatVal)
+- sprintf(buf,"%f", *var->val.floatVal);
+- break;
++ if (var->val.floatVal)
++ snprintf(buf, buf_len, "%f", *var->val.floatVal);
++ break;
+
+ case ASN_OPAQUE_DOUBLE:
+- if (var->val.doubleVal)
+- sprintf(buf,"%f", *var->val.doubleVal);
+- break;
++ if (var->val.doubleVal)
++ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
++ break;
+ #endif
+
+ case ASN_NSAP:
+--- python/netsnmp/client_intf.c (revision 16961)
++++ python/netsnmp/client_intf.c (revision 16962)
+@@ -330,14 +330,15 @@
+ if (flag == USE_ENUMS) {
+ for(ep = tp->enums; ep; ep = ep->next) {
+ if (ep->value == *var->val.integer) {
+- strcpy(buf, ep->label);
++ strncpy(buf, ep->label, buf_len);
++ buf[buf_len -1] = 0;
+ len = STRLEN(buf);
+ break;
+ }
+ }
+ }
+ if (!len) {
+- sprintf(buf,"%ld", *var->val.integer);
++ snprintf(buf,"%ld", buf_len, *var->val.integer);
+ len = STRLEN(buf);
+ }
+ break;
+@@ -346,19 +347,21 @@
+ case ASN_COUNTER:
+ case ASN_TIMETICKS:
+ case ASN_UINTEGER:
+- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
+ len = STRLEN(buf);
+ break;
+
+ case ASN_OCTET_STR:
+ case ASN_OPAQUE:
+- memcpy(buf, (char*)var->val.string, var->val_len);
+ len = var->val_len;
++ if (len > buf_len)
++ len = buf_len;
++ memcpy(buf, (char*)var->val.string, len);
+ break;
+
+ case ASN_IPADDRESS:
+ ip = (u_char*)var->val.string;
+- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ len = STRLEN(buf);
+ break;
+
+@@ -372,13 +375,13 @@
+ break;
+
+ case SNMP_ENDOFMIBVIEW:
+- sprintf(buf,"%s", "ENDOFMIBVIEW");
++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
+ break;
+ case SNMP_NOSUCHOBJECT:
+- sprintf(buf,"%s", "NOSUCHOBJECT");
++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
+ break;
+ case SNMP_NOSUCHINSTANCE:
+- sprintf(buf,"%s", "NOSUCHINSTANCE");
++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
+ break;
+
+ case ASN_COUNTER64:
+@@ -398,18 +401,18 @@
+ #endif
+
+ case ASN_BIT_STR:
+- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+ len = STRLEN(buf);
+ break;
+ #ifdef OPAQUE_SPECIAL_TYPES
+ case ASN_OPAQUE_FLOAT:
+ if (var->val.floatVal)
+- sprintf(buf,"%f", *var->val.floatVal);
++ snprintf(buf, buf_len, "%f", *var->val.floatVal);
+ break;
+
+ case ASN_OPAQUE_DOUBLE:
+ if (var->val.doubleVal)
+- sprintf(buf,"%f", *var->val.doubleVal);
++ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
+ break;
+ #endif
+