diff options
author | yzhu1 <yanjun.zhu@windriver.com> | 2014-05-09 16:40:37 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2014-05-09 10:18:40 -0400 |
commit | 9747141c09c641ce2364f246805be1682bbb7a9a (patch) | |
tree | 8d766e93ad172481e7113c994e37f6f0d897aeee /meta-networking/recipes-protocols/net-snmp/files | |
parent | 7361149c47dc846552e574456c607d1bef508b08 (diff) | |
download | meta-openembedded-9747141c09c641ce2364f246805be1682bbb7a9a.tar.gz |
net-snmp-5.7.2: fix CVE-2014-2285
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs
in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions,
allows remote attackers to cause a denial of service (snmptrapd
crash) via an empty community string in an SNMP trap, which triggers
a NULL pointer dereference within the newSVpv function in Perl.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2285
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'meta-networking/recipes-protocols/net-snmp/files')
-rw-r--r-- | meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch new file mode 100644 index 0000000000..8267eeb75d --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/files/net-snmp-5.7.2-fix-CVE-2014-2285.patch @@ -0,0 +1,26 @@ +--- a/perl/TrapReceiver/TrapReceiver.xs ++++ b/perl/TrapReceiver/TrapReceiver.xs +@@ -81,18 +81,18 @@ int perl_trapd_handler( netsnmp_pdu + STOREPDUi("securitymodel", pdu->securityModel); + STOREPDUi("securitylevel", pdu->securityLevel); + STOREPDU("contextName", +- newSVpv(pdu->contextName, pdu->contextNameLen)); ++ newSVpv(pdu->contextName ? pdu->contextName : "", pdu->contextNameLen)); + STOREPDU("contextEngineID", +- newSVpv((char *) pdu->contextEngineID, ++ newSVpv(pdu->contextEngineID ? (char *) pdu->contextEngineID : "", + pdu->contextEngineIDLen)); + STOREPDU("securityEngineID", +- newSVpv((char *) pdu->securityEngineID, ++ newSVpv(pdu->securityEngineID ? (char *) pdu->securityEngineID : "", + pdu->securityEngineIDLen)); + STOREPDU("securityName", +- newSVpv((char *) pdu->securityName, pdu->securityNameLen)); ++ newSVpv(pdu->securityName ? (char *) pdu->securityName : "", pdu->securityNameLen)); + } else { + STOREPDU("community", +- newSVpv((char *) pdu->community, pdu->community_len)); ++ newSVpv(pdu->community ? (char *) pdu->community : "", pdu->community_len)); + } + + if (transport && transport->f_fmtaddr) { |