commit 4c5633f1603e4bd03ed05c37d782ec8911759c47
Author: Robert Story <rstory@freesnmp.com>
Date: Mon May 14 11:40:06 2012 -0400
NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash
diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
index d00475f..1f8586a 100644
--- a/agent/mibgroup/agent/extend.c
+++ b/agent/mibgroup/agent/extend.c
@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler,
* Determine which line we've been asked for....
*/
line_idx = *table_info->indexes->next_variable->val.integer;
+ if (line_idx < 1 || line_idx > extension->numlines) {
+ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
+ continue;
+ }
cp = extension->lines[line_idx-1];
/*
distrib
>
Fedora
>
17
>
i386
>
media
>
updates-src
>
by-pkgid
>
392d0b22c85965921c0bf82ceac1e5f1
>
files
>
10
