netsnmp: bump to version 5.7.2 (9546bc45) · Commits · Dom Sekotill / buildroot

package/netsnmp/netsnmp-CVE-2012-2141.patch

deleted100644 → 0

+0 −36

Original line number	Diff line number	Diff line
		From 4c5633f1603e4bd03ed05c37d782ec8911759c47 Mon Sep 17 00:00:00 2001
		From: Robert Story <rstory@freesnmp.com>
		Date: Mon, 14 May 2012 11:40:06 -0400
		Subject: [PATCH] NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash

		---
		agent/mibgroup/agent/extend.c \| 6 +++++-
		1 files changed, 5 insertions(+), 1 deletions(-)

		diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
		index d00475f..1f8586a 100644
		--- a/agent/mibgroup/agent/extend.c
		+++ b/agent/mibgroup/agent/extend.c
		@@ -1126,7 +1126,7 @@ _extend_find_entry( netsnmp_request_info *request,
		* ...and check the line requested is valid
		*/
		line_idx = *table_info->indexes->next_variable->val.integer;
		- if (eptr->numlines < line_idx)
		+ if (line_idx < 1 \|\| line_idx > eptr->numlines)
		return NULL;
		}
		return eptr;
		@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler,
		* Determine which line we've been asked for....
		*/
		line_idx = *table_info->indexes->next_variable->val.integer;
		+ if (line_idx < 1 \|\| line_idx > extension->numlines) {
		+ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
		+ continue;
		+ }
		cp = extension->lines[line_idx-1];

		/*
		--
		1.7.4.1

deleted100644 → 0

+0 −17

Original line number	Diff line number	Diff line
		Fixes runtime error with uClibc (and possibly others).

		Original patch and bug description:
		http://sourceforge.net/tracker/?func=detail&aid=3436528&group_id=12694&atid=312694

		--- net-snmp-5.7.1/agent/mibgroup/host/data_access/swinst_pkginfo.c
		+++ /home/fabled//net-snmp-5.7.1.patched/agent/mibgroup/host/data_access/swinst_pkginfo.c
		@@ -140,7 +140,8 @@
		memcpy( entry->swDate, cp, date_len );
		entry->swDate_len = date_len;
		}
		- closedir( d );
		+ if (d != NULL)
		+ closedir( d );

		DEBUGMSGTL(("swinst:load:arch"," loaded %d entries\n",
		(int)CONTAINER_SIZE(container)));

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@
		#
		#############################################################

		NETSNMP_VERSION = 5.7.1
		NETSNMP_VERSION = 5.7.2
		NETSNMP_SITE = http://downloads.sourceforge.net/project/net-snmp/net-snmp/$(NETSNMP_VERSION)
		NETSNMP_SOURCE = net-snmp-$(NETSNMP_VERSION).tar.gz
		NETSNMP_LICENSE = Various BSD-like