← Back to branch summary

~ubuntu-branches/ubuntu/wily/net-snmp/wily-proposed

« back to all changes in this revision

Viewing changes to agent/mibgroup/mibII/kernel_linux.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-08 08:17:14 UTC
  • Revision ID: package-import@ubuntu.com-20140408081714-31du0g3p3ggkwe9o
Tags: 5.7.2~dfsg-8.1ubuntu3
* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service when ICMP-MIB is in use
  - debian/patches/CVE-2014-2284.patch: fix ICMP mib table handling in
    agent/mibgroup/mibII/icmp.c, agent/mibgroup/mibII/kernel_linux.*.
  - CVE-2014-2284
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285

Show diffs side-by-side

added added

removed removed

Lines of Context:
agent/mibgroup/mibII/kernel_linux.c
81
81
            index = strtol(token, &delim, 0);
82
82
            if (ERANGE == errno) {
83
83
                continue;
84
 
            } else if (index > LONG_MAX) {
 
84
            } else if (index > 255) {
85
85
                continue;
86
 
            } else if (index < LONG_MIN) {
 
86
            } else if (index < 0) {
87
87
                continue;
88
88
            }
89
89
            if (NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
94
94
            index = strtol(token, &delim, 0);
95
95
            if (ERANGE == errno) {
96
96
                continue;
97
 
            } else if (index > LONG_MAX) {
 
97
            } else if (index > 255) {
98
98
                continue;
99
 
            } else if (index < LONG_MIN) {
 
99
            } else if (index < 0) {
100
100
                continue;
101
101
            }
102
102
            if(NULL == (token = strtok_r(dataptr, " ", &saveptr1)))
426
426
 
427
427
        vals = name;
428
428
        if (NULL != icmp6msgstat) {
 
429
            int type;
429
430
            if (0 == strncmp(name, "Icmp6OutType", 12)) {
430
431
                strsep(&vals, "e");
431
 
                icmp6msgstat->vals[atoi(vals)].OutType = stats;
 
432
                type = atoi(vals);
 
433
                if ( type < 0 || type > 255 )
 
434
                    continue;
 
435
                icmp6msgstat->vals[type].OutType = stats;
432
436
                *support = 1;
433
437
                continue;
434
438
            } else if (0 == strncmp(name, "Icmp6InType", 11)) {
435
439
                strsep(&vals, "e");
436
 
                icmp6msgstat->vals[atoi(vals)].InType = stats;
 
440
                type = atoi(vals);
 
441
                if ( type < 0 || type > 255 )
 
442
                    continue;
 
443
                icmp6msgstat->vals[type].InType = stats;
437
444
                *support = 1;
438
445
                continue;
439
446
            }