1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Fix for CVE-2010-2891
Index: libsmi/lib/smi.c
===================================================================
--- libsmi/lib/smi.c (révision 29144)
+++ libsmi/lib/smi.c (révision 29145)
@@ -1793,10 +1793,15 @@
}
if (isdigit((int)node2[0])) {
- for (oidlen = 0, p = strtok(node2, ". "); p;
+ for (oidlen = 0, p = strtok(node2, ". ");
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
oidlen++, p = strtok(NULL, ". ")) {
oid[oidlen] = strtoul(p, NULL, 0);
}
+ if (p) {
+ /* the numeric OID is too long */
+ return NULL;
+ }
nodePtr = getNode(oidlen, oid);
if (nodePtr) {
if (modulePtr) {
|
