kumquat-buildroot/package/netsnmp/netsnmp-001-CVE-2014-2285.patch
Gustavo Zacarias 517c1deebf netsnmp: security bump to version 5.7.2.1
Fixes CVE-2014-2284 but not CVE-2014-2285 so add a patch for that one.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-11 11:50:12 +01:00

32 lines
1.6 KiB
Diff

Fix for CVE-2014-2285 from upstream:
http://sourceforge.net/p/net-snmp/patches/1275/
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
--- net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs.null 2014-02-25 21:50:16.000000000 +0100
+++ net-snmp-5.7.3.pre3/perl/TrapReceiver/TrapReceiver.xs 2014-03-03 18:59:20.261766270 +0100
@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu
STOREPDUi("securitymodel", pdu->securityModel);
STOREPDUi("securitylevel", pdu->securityLevel);
STOREPDU("contextName",
- newSVpv(pdu->contextName, pdu->contextNameLen));
+ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
STOREPDU("contextEngineID",
- newSVpv((char *) pdu->contextEngineID,
+ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
pdu->contextEngineIDLen));
STOREPDU("securityEngineID",
- newSVpv((char *) pdu->securityEngineID,
+ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
pdu->securityEngineIDLen));
STOREPDU("securityName",
- newSVpv((char *) pdu->securityName, pdu->securityNameLen));
+ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
} else {
STOREPDU("community",
- newSVpv((char *) pdu->community, pdu->community_len));
+ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
}
if (transport && transport->f_fmtaddr) {