
libsmi-0.4.8-2.1mdv2009.1.src.rpm


 http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow

--- lib/smi.c	2008-04-18 12:42:50.000000000 +0200
+++ lib/smi.c.oden	2010-10-21 11:51:26.925081270 +0200
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModule
     }
 
     if (isdigit((int)node2[0])) {
-	for (oidlen = 0, p = strtok(node2, ". "); p;
+	for (oidlen = 0, p = strtok(node2, ". ");
+	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
 	     oidlen++, p = strtok(NULL, ". ")) {
 	    oid[oidlen] = strtoul(p, NULL, 0);
 	}
+    if (p) {
+        /* the numeric OID is too long */
+        return NULL;
+    }
 	nodePtr = getNode(oidlen, oid);
 	if (nodePtr) {
 	    if (modulePtr) {
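Review bot: The new `return NULL` in the `if (p)` branch leaves smiGetNode directly, so any cleanup the function does before its normal return is skipped on the too-long-OID path. `node2` is tokenised in place by strtok, which suggests it is a writable copy made earlier in the function; its allocation is outside the hunk, so this should be confirmed. If it is heap-allocated, fall through to the common exit instead, e.g. `nodePtr = p ? NULL : getNode(oidlen, oid);`, provided the code after the `if (nodePtr)` block (also outside the hunk) returns NULL when no node is found. Separately, `strtoul(p, NULL, 0)` is stored into `oid[oidlen]` with no end-pointer or range check, so a non-numeric or oversized sub-identifier is silently accepted or truncated. That predates this patch but is worth tightening in the same loop.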