Overview

File net-snmp-5.7.1-fix-array-index-error.patch of Package net-snmp

commit 4c5633f1603e4bd03ed05c37d782ec8911759c47
Author: Robert Story <rstory@freesnmp.com>
Date:   Mon May 14 11:40:06 2012 -0400

    NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash

Index: net-snmp-5.7.1/agent/mibgroup/agent/extend.c
===================================================================
--- net-snmp-5.7.1.orig/agent/mibgroup/agent/extend.c
+++ net-snmp-5.7.1/agent/mibgroup/agent/extend.c
@@ -1209,7 +1209,7 @@ _extend_find_entry( netsnmp_request_info
              * ...and check the line requested is valid
              */
             line_idx = *table_info->indexes->next_variable->val.integer;
-            if (eptr->numlines < line_idx)
+            if (line_idx < 1 || line_idx > eptr->numlines)
                 return NULL;
         }
     }
@@ -1380,6 +1380,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_
                  * Determine which line we've been asked for....
                  */
                 line_idx = *table_info->indexes->next_variable->val.integer;
+                if (line_idx < 1 || line_idx > extension->numlines) {
+                    netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
+                    continue;
+                }
                 cp  = extension->lines[line_idx-1];
 
                 /*
openSUSE Build Service is sponsored by
Places