[Pkg-net-snmp-commits] r243 - branches/net-snmp54/debian/patches
jochen at alioth.debian.org
jochen at alioth.debian.org
Tue Jun 3 11:19:55 UTC 2008
Author: jochen
Date: 2008-06-03 11:19:54 +0000 (Tue, 03 Jun 2008)
New Revision: 243
Added:
branches/net-snmp54/debian/patches/48_cve2008_2292_perl.README
branches/net-snmp54/debian/patches/48_cve2008_2292_perl.patch
branches/net-snmp54/debian/patches/49_cve2008_2292_python.README
branches/net-snmp54/debian/patches/49_cve2008_2292_python.patch
Log:
Upstream fixes for CVE-2008-2292
Added: branches/net-snmp54/debian/patches/48_cve2008_2292_perl.README
===================================================================
--- branches/net-snmp54/debian/patches/48_cve2008_2292_perl.README (rev 0)
+++ branches/net-snmp54/debian/patches/48_cve2008_2292_perl.README 2008-06-03 11:19:54 UTC (rev 243)
@@ -0,0 +1 @@
+Upstream Changeset 16770: perl: BUG: 1826174: Check for buffer overflow when printing values.
Added: branches/net-snmp54/debian/patches/48_cve2008_2292_perl.patch
===================================================================
--- branches/net-snmp54/debian/patches/48_cve2008_2292_perl.patch (rev 0)
+++ branches/net-snmp54/debian/patches/48_cve2008_2292_perl.patch 2008-06-03 11:19:54 UTC (rev 243)
@@ -0,0 +1,103 @@
+Index: perl/SNMP/SNMP.xs
+===================================================================
+--- perl/SNMP/SNMP.xs (Revision 16769)
++++ perl/SNMP/SNMP.xs (Revision 16770)
+@@ -470,14 +470,16 @@
+ if (flag == USE_ENUMS) {
+ for(ep = tp->enums; ep; ep = ep->next) {
+ if (ep->value == *var->val.integer) {
+- strcpy(buf, ep->label);
++ strncpy(buf, ep->label, buf_len);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
+ }
+ }
+ }
+ if (!len) {
+- sprintf(buf,"%ld", *var->val.integer);
++ snprintf(buf, buf_len, "%ld", *var->val.integer);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ }
+ break;
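Review bot: The unconditional `buf[buf_len-1] = '\0';` after the `strncpy` and after the `snprintf` writes outside `buf` if `buf_len` is ever 0, and nothing in this hunk shows that callers always pass a non-zero length; a check that `buf_len` is at least 1 before the switch would cover it. For the enum label I would use `snprintf(buf, buf_len, "%s", ep->label);`, which terminates on its own, avoids strncpy's zero-padding of the whole buffer and matches the other branches. Either way a label longer than the buffer is truncated silently, which deserves a comment. The same `strncpy` pattern appears in the first hunk of the python patch, and the enclosing function starts and ends outside this hunk.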
+@@ -486,21 +488,25 @@
+ case ASN_COUNTER:
+ case ASN_TIMETICKS:
+ case ASN_UINTEGER:
+- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
++ buf[buf_len-1] = '\0';
+ len = strlen(buf);
+ break;
+
+ case ASN_OCTET_STR:
+ case ASN_OPAQUE:
+- memcpy(buf, (char*)var->val.string, var->val_len);
+ len = var->val_len;
++ if ( len > buf_len )
++ len = buf_len;
++ memcpy(buf, (char*)var->val.string, len);
+ break;
+
+ case ASN_IPADDRESS:
+- ip = (u_char*)var->val.string;
+- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+- len = strlen(buf);
+- break;
++ ip = (u_char*)var->val.string;
++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++ buf[buf_len-1] = '\0';
++ len = strlen(buf);
++ break;
+
+ case ASN_NULL:
+ break;
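Review bot: The ASN_OCTET_STR/ASN_OPAQUE clamp `if ( len > buf_len ) len = buf_len;` stops the overflow but truncates silently and can fill all `buf_len` bytes, leaving no room for a terminator if the caller later treats `buf` as a C string; whether it does is not visible here. The declarations are outside the hunk, but if `len` is a signed int and `var->val_len` is a `size_t`, the assignment narrows before the comparison, so it would be safer to compare `var->val_len` with `buf_len` first and assign afterwards. The ASN_IPADDRESS branch still reads `ip[0]` to `ip[3]` without checking the value length; a guard such as `if (var->val_len < 4) break;` ahead of the `snprintf` would close that out-of-bounds read. The second hunk of the python patch has the same two gaps.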
+@@ -512,14 +518,14 @@
+ break;
+
+ case SNMP_ENDOFMIBVIEW:
+- sprintf(buf,"%s", "ENDOFMIBVIEW");
+- break;
++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
++ break;
+ case SNMP_NOSUCHOBJECT:
+- sprintf(buf,"%s", "NOSUCHOBJECT");
+- break;
++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
++ break;
+ case SNMP_NOSUCHINSTANCE:
+- sprintf(buf,"%s", "NOSUCHINSTANCE");
+- break;
++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
++ break;
+
+ case ASN_COUNTER64:
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+@@ -538,19 +544,19 @@
+ #endif
+
+ case ASN_BIT_STR:
+- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+ len = strlen(buf);
+ break;
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+ case ASN_OPAQUE_FLOAT:
+- if (var->val.floatVal)
+- sprintf(buf,"%f", *var->val.floatVal);
+- break;
++ if (var->val.floatVal)
++ snprintf(buf, buf_len, "%f", *var->val.floatVal);
++ break;
+
+ case ASN_OPAQUE_DOUBLE:
+- if (var->val.doubleVal)
+- sprintf(buf,"%f", *var->val.doubleVal);
+- break;
++ if (var->val.doubleVal)
++ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
++ break;
+ #endif
+
+ case ASN_NSAP:
Added: branches/net-snmp54/debian/patches/49_cve2008_2292_python.README
===================================================================
--- branches/net-snmp54/debian/patches/49_cve2008_2292_python.README (rev 0)
+++ branches/net-snmp54/debian/patches/49_cve2008_2292_python.README 2008-06-03 11:19:54 UTC (rev 243)
@@ -0,0 +1 @@
+Upstream Changeset 16962: python: BUG: 1826174: Check for buffer overflow when printing values.
Added: branches/net-snmp54/debian/patches/49_cve2008_2292_python.patch
===================================================================
--- branches/net-snmp54/debian/patches/49_cve2008_2292_python.patch (rev 0)
+++ branches/net-snmp54/debian/patches/49_cve2008_2292_python.patch 2008-06-03 11:19:54 UTC (rev 243)
@@ -0,0 +1,86 @@
+Index: python/netsnmp/client_intf.c
+===================================================================
+--- python/netsnmp/client_intf.c (Revision 16961)
++++ python/netsnmp/client_intf.c (Revision 16962)
+@@ -330,14 +330,15 @@
+ if (flag == USE_ENUMS) {
+ for(ep = tp->enums; ep; ep = ep->next) {
+ if (ep->value == *var->val.integer) {
+- strcpy(buf, ep->label);
++ strncpy(buf, ep->label, buf_len);
++ buf[buf_len -1] = 0;
+ len = STRLEN(buf);
+ break;
+ }
+ }
+ }
+ if (!len) {
+- sprintf(buf,"%ld", *var->val.integer);
++ snprintf(buf,"%ld", buf_len, *var->val.integer);
+ len = STRLEN(buf);
+ }
+ break;
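Review bot: The new call `snprintf(buf,"%ld", buf_len, *var->val.integer);` has its second and third arguments swapped: the format string is passed as the size and `buf_len` as the format, so the intended bound is not applied and the call is undefined behaviour. It should read `snprintf(buf, buf_len, "%ld", *var->val.integer);`, matching the other snprintf calls in this patch and in the perl patch. A C compiler will typically only warn about the pointer/integer conversions here, so building this file with those warnings treated as errors would catch a recurrence. The enclosing function continues outside the hunk.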
+@@ -346,19 +347,21 @@
+ case ASN_COUNTER:
+ case ASN_TIMETICKS:
+ case ASN_UINTEGER:
+- sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++ snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
+ len = STRLEN(buf);
+ break;
+
+ case ASN_OCTET_STR:
+ case ASN_OPAQUE:
+- memcpy(buf, (char*)var->val.string, var->val_len);
+ len = var->val_len;
++ if (len > buf_len)
++ len = buf_len;
++ memcpy(buf, (char*)var->val.string, len);
+ break;
+
+ case ASN_IPADDRESS:
+ ip = (u_char*)var->val.string;
+- sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++ snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ len = STRLEN(buf);
+ break;
+
+@@ -372,13 +375,13 @@
+ break;
+
+ case SNMP_ENDOFMIBVIEW:
+- sprintf(buf,"%s", "ENDOFMIBVIEW");
++ snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
+ break;
+ case SNMP_NOSUCHOBJECT:
+- sprintf(buf,"%s", "NOSUCHOBJECT");
++ snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
+ break;
+ case SNMP_NOSUCHINSTANCE:
+- sprintf(buf,"%s", "NOSUCHINSTANCE");
++ snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
+ break;
+
+ case ASN_COUNTER64:
+@@ -398,18 +401,18 @@
+ #endif
+
+ case ASN_BIT_STR:
+- snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++ snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+ len = STRLEN(buf);
+ break;
+ #ifdef OPAQUE_SPECIAL_TYPES
+ case ASN_OPAQUE_FLOAT:
+ if (var->val.floatVal)
+- sprintf(buf,"%f", *var->val.floatVal);
++ snprintf(buf, buf_len, "%f", *var->val.floatVal);
+ break;
+
+ case ASN_OPAQUE_DOUBLE:
+ if (var->val.doubleVal)
+- sprintf(buf,"%f", *var->val.doubleVal);
++ snprintf(buf, buf_len, "%f", *var->val.doubleVal);
+ break;
+ #endif
+