← Back to branch summary

~ubuntu-branches/ubuntu/wily/net-snmp/wily-proposed

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-2285.patch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-04-08 08:17:14 UTC
  • Revision ID: package-import@ubuntu.com-20140408081714-31du0g3p3ggkwe9o
Tags: 5.7.2~dfsg-8.1ubuntu3
* SECURITY UPDATE: denial of service via AgentX subagent timeout
  - debian/patches/CVE-2012-6151.patch: track cancelled sessions in
    agent/mibgroup/agentx/{master.c,master_admin.c}, agent/snmp_agent.c,
    include/net-snmp/agent/snmp_agent.h.
  - CVE-2012-6151
* SECURITY UPDATE: denial of service when ICMP-MIB is in use
  - debian/patches/CVE-2014-2284.patch: fix ICMP mib table handling in
    agent/mibgroup/mibII/icmp.c, agent/mibgroup/mibII/kernel_linux.*.
  - CVE-2014-2284
* SECURITY UPDATE: denial of service in perl trap handler
  - debian/patches/CVE-2014-2285.patch: handle empty community string in
    perl/TrapReceiver/TrapReceiver.xs.
  - CVE-2014-2285

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/CVE-2014-2285.patch
 
1
commit 76e8d6d100320629d8a23be4b0128619600c919d
 
2
Author: Jan Safranek <jsafranek@users.sourceforge.net>
 
3
Date:   Thu Mar 6 09:21:51 2014 +0100
 
4
 
 
5
    CHANGES: snmpd: PATCH: 1275: from Viliam Púčik: fixed Perl trap handler when processing trap with empty community string.
 
6
 
 
7
diff --git a/perl/TrapReceiver/TrapReceiver.xs b/perl/TrapReceiver/TrapReceiver.xs
 
8
index e11ef27..8713efd 100644
 
9
--- a/perl/TrapReceiver/TrapReceiver.xs
 
10
+++ b/perl/TrapReceiver/TrapReceiver.xs
 
11
@@ -81,18 +81,18 @@ int   perl_trapd_handler( netsnmp_pdu           *pdu,
 
12
         STOREPDUi("securitymodel", pdu->securityModel);
 
13
         STOREPDUi("securitylevel", pdu->securityLevel);
 
14
         STOREPDU("contextName",
 
15
-                 newSVpv(pdu->contextName, pdu->contextNameLen));
 
16
+                 newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen));
 
17
         STOREPDU("contextEngineID",
 
18
-                 newSVpv((char *) pdu->contextEngineID,
 
19
+                 newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "",
 
20
                                     pdu->contextEngineIDLen));
 
21
         STOREPDU("securityEngineID",
 
22
-                 newSVpv((char *) pdu->securityEngineID,
 
23
+                 newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "",
 
24
                                     pdu->securityEngineIDLen));
 
25
         STOREPDU("securityName",
 
26
-                 newSVpv((char *) pdu->securityName, pdu->securityNameLen));
 
27
+                 newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen));
 
28
     } else {
 
29
         STOREPDU("community",
 
30
-                 newSVpv((char *) pdu->community, pdu->community_len));
 
31
+                 newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len));
 
32
     }
 
33
 
 
34
     if (transport && transport->f_fmtaddr) {