From patchwork Tue Aug 21 12:19:42 2012
X-Patchwork-Submitter: Gustavo Zacarias
X-Patchwork-Id: 179051
From: Gustavo Zacarias
To: buildroot@busybox.net
Date: Tue, 21 Aug 2012 09:19:42 -0300
Message-Id: <1345551582-3645-1-git-send-email-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH] netsnmp: add fix for CVE-2012-2141

Signed-off-by: Gustavo Zacarias
Acked-by: Luca Ceresoli
Tested-by: Luca Ceresoli
--- package/netsnmp/netsnmp-CVE-2012-2141.patch | 36 +++++++++++++++++++++++++++ 1 files changed, 36 insertions(+), 0 deletions(-) create mode 100644 package/netsnmp/netsnmp-CVE-2012-2141.patch diff --git a/package/netsnmp/netsnmp-CVE-2012-2141.patch b/package/netsnmp/netsnmp-CVE-2012-2141.patch new file mode 100644 index 0000000..1b34b9c --- /dev/null +++ b/package/netsnmp/netsnmp-CVE-2012-2141.patch 
@@ -0,0 +1,36 @@ +From 4c5633f1603e4bd03ed05c37d782ec8911759c47 Mon Sep 17 00:00:00 2001 +From: Robert Story +Date: Mon, 14 May 2012 11:40:06 -0400 +Subject: [PATCH] NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash + +--- + agent/mibgroup/agent/extend.c | 6 +++++- + 1 files changed, 5 insertions(+), 1 deletions(-) + +diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c +index d00475f..1f8586a 100644 +--- a/agent/mibgroup/agent/extend.c ++++ b/agent/mibgroup/agent/extend.c +@@ -1126,7 +1126,7 @@ _extend_find_entry( netsnmp_request_info *request, + * ...and check the line requested is valid + */ + line_idx = *table_info->indexes->next_variable->val.integer; +- if (eptr->numlines < line_idx) ++ if (line_idx < 1 || line_idx > eptr->numlines) + return NULL; + } + return eptr; +@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler, + * Determine which line we've been asked for.... + */ + line_idx = *table_info->indexes->next_variable->val.integer; ++ if (line_idx < 1 || line_idx > extension->numlines) { ++ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE); ++ continue; ++ } + cp = extension->lines[line_idx-1]; + + /* +-- +1.7.4.1 +
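Review bot: In the _extend_find_entry hunk (extend.c, @@ -1126), the comment "...and check the line requested is valid" does not say that line indexes are 1-based, which is the whole reason the new lower bound in `if (line_idx < 1 || line_idx > eptr->numlines)` is needed. Please extend the comment to state that the valid range is 1..numlines, since the table handler later reads `lines[line_idx-1]`. The declaration of line_idx is outside the visible context, so it is also worth confirming that it is a signed type as wide as `*table_info->indexes->next_variable->val.integer`; with a narrower type the test runs on a truncated value and an out-of-range request could be answered as if it named a valid line.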
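Review bot: In the handle_nsExtendOutput2Table hunk (extend.c, @@ -1299), the added test `if (line_idx < 1 || line_idx > extension->numlines)` is a second copy of the condition introduced in _extend_find_entry, so the two checks can drift apart in a later change. A small shared helper that takes the entry and the requested index would keep them in sync; failing that, a one-line comment above `cp = extension->lines[line_idx-1];` saying why the handler validates the index itself would help the next reader. The error path, `netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);` followed by `continue;`, skips the array access for the offending request, which is the behaviour the fix needs.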