FreeBSD Bugzilla – Attachment 159567 Details for
Bug 202099
net-mgmt/net-snmp: Fix CVE-2015-5621
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch file
patch (text/plain), 4.07 KB, created by
Sergey N. Voronkov
on 2015-08-05 08:51:55 UTC
(
hide
)
Description:
patch file
Filename:
MIME Type:
Creator:
Sergey N. Voronkov
Created:
2015-08-05 08:51:55 UTC
Size:
4.07 KB
patch
obsolete
>--- net-snmp.old/Makefile 2015-07-16 11:16:46.000000000 +0500 >+++ net-snmp/Makefile 2015-08-05 13:20:07.000000000 +0500 >@@ -3,7 +3,7 @@ > > PORTNAME= snmp > PORTVERSION= 5.7.3 >-PORTREVISION= 7 >+PORTREVISION= 8 > CATEGORIES= net-mgmt ipv6 > MASTER_SITES= SF/net-${PORTNAME}/net-${PORTNAME}/${PORTVERSION} > PKGNAMEPREFIX= net- >diff -ruN net-snmp.old/files/patch-snmp_api.c >net-snmp/files/patch-snmp_api.c >--- net-snmp.old/files/patch-snmp_api.c 1970-01-01 05:00:00.000000000 +0500 >+++ net-snmp/files/patch-snmp_api.c 2015-08-05 13:21:48.000000000 +0500 >@@ -0,0 +1,117 @@ >+--- snmplib/snmp_api.c.orig 2015-08-05 13:06:13.000000000 +0500 >++++ snmplib/snmp_api.c 2015-08-05 13:14:05.000000000 +0500 >+@@ -4350,10 +4350,9 @@ >+ u_char type; >+ u_char msg_type; >+ u_char *var_val; >+- int badtype = 0; >+ size_t len; >+ size_t four; >+- netsnmp_variable_list *vp = NULL; >++ netsnmp_variable_list *vp = NULL, *vplast = NULL; >+ oid objid[MAX_OID_LEN]; >+ u_char *p; >+ >+@@ -4493,38 +4492,24 @@ >+ (ASN_SEQUENCE | ASN_CONSTRUCTOR), >+ "varbinds"); >+ if (data == NULL) >+- return -1; >++ goto fail; >+ >+ /* >+ * get each varBind sequence >+ */ >+ while ((int) *length > 0) { >+- netsnmp_variable_list *vptemp; >+- vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp)); >+- if (NULL == vptemp) { >+- return -1; >+- } >+- if (NULL == vp) { >+- pdu->variables = vptemp; >+- } else { >+- vp->next_variable = vptemp; >+- } >+- vp = vptemp; >++ vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list); >++ if (NULL == vp) >++ goto fail; >+ >+- vp->next_variable = NULL; >+- vp->val.string = NULL; >+ vp->name_length = MAX_OID_LEN; >+- vp->name = NULL; >+- vp->index = 0; >+- vp->data = NULL; >+- vp->dataFreeHook = NULL; >+ DEBUGDUMPSECTION("recv", "VarBind"); >+ data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type, >+ &vp->val_len, &var_val, length); >+ if (data == NULL) >+- return -1; >++ goto fail; >+ if (snmp_set_var_objid(vp, objid, vp->name_length)) >+- return -1; >++ goto fail; >+ >+ len = MAX_PACKET_LENGTH; >+ DEBUGDUMPHEADER("recv", "Value"); >+@@ -4604,7 +4589,7 @@ >+ vp->val.string = (u_char *) malloc(vp->val_len); >+ } >+ if (vp->val.string == NULL) { >+- return -1; >++ goto fail; >+ } >+ p = asn_parse_string(var_val, &len, &vp->type, vp->val.string, >+ &vp->val_len); >+@@ -4619,7 +4604,7 @@ >+ vp->val_len *= sizeof(oid); >+ vp->val.objid = (oid *) malloc(vp->val_len); >+ if (vp->val.objid == NULL) { >+- return -1; >++ goto fail; >+ } >+ memmove(vp->val.objid, objid, vp->val_len); >+ break; >+@@ -4631,7 +4616,7 @@ >+ case ASN_BIT_STR: >+ vp->val.bitstring = (u_char *) malloc(vp->val_len); >+ if (vp->val.bitstring == NULL) { >+- return -1; >++ goto fail; >+ } >+ p = asn_parse_bitstring(var_val, &len, &vp->type, >+ vp->val.bitstring, &vp->val_len); >+@@ -4640,12 +4625,28 @@ >+ break; >+ default: >+ snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type); >+- badtype = -1; >++ goto fail; >+ break; >+ } >+ DEBUGINDENTADD(-4); >++ >++ if (NULL == vplast) { >++ pdu->variables = vp; >++ } else { >++ vplast->next_variable = vp; >++ } >++ vplast = vp; >++ vp = NULL; >+ } >+- return badtype; >++ return 0; >++ >++ fail: >++ DEBUGMSGTL(("recv", "error while parsing VarBindList\n")); >++ /** if we were parsing a var, remove it from the pdu and free it */ >++ if (vp) >++ snmp_free_var(vp); >++ >++ return -1; >+ } >+ >+ /*
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159567">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202099
: 159567