http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
--- lib/smi.c 2008-04-18 12:42:50.000000000 +0200
+++ lib/smi.c.oden 2010-10-21 11:51:26.925081270 +0200
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
 }
 if (isdigit((int)node2[0])) {
- for (oidlen = 0, p = strtok(node2, ". "); p;
+ for (oidlen = 0, p = strtok(node2, ". ");
+ p && oidlen < sizeof(oid)/sizeof(oid[0]);
 oidlen++, p = strtok(NULL, ". ")) {
 oid[oidlen] = strtoul(p, NULL, 0);
 }
+ if (p) {
+ /* the numeric OID is too long */
+ return NULL;
+ }
 nodePtr = getNode(oidlen, oid);
 if (nodePtr) {
 if (modulePtr) {
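Review bot: The new `return NULL;` in the `if (p)` branch exits smiGetNode directly, so anything the function allocated before this point is not released on the over-long-OID path. node2 is handed to strtok, which writes into its argument, so it is presumably a private copy made earlier in the function, outside this hunk; if so, every rejected OID string leaks that copy, and the input that triggers it is the same caller-supplied string the bounds check is meant to contain. I would release it before returning, e.g. `if (p) { /* too long: free node2 and any sibling buffers first */ return NULL; }`, filled in with the function's existing cleanup calls. The `sizeof(oid)/sizeof(oid[0])` bound is correct only while oid is a true array in this scope (its declaration is not visible here), so a short comment saying so would guard against a later change to a pointer.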