[pkgsrc/trunk]: pkgsrc/net/net-snmp Add patch from the Net-SNMP SVN repositor...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/708075a3de7e
branches:  trunk
changeset: 542472:708075a3de7e
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun May 18 11:59:54 2008 +0000

description:
Add patch from the Net-SNMP SVN repository to fix a buffer overflow in
the Perl SNMP module reported in SA30187.

diffstat:

 net/net-snmp/Makefile         |    4 +-
 net/net-snmp/distinfo         |    3 +-
 net/net-snmp/patches/patch-ad |  103 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 107 insertions(+), 3 deletions(-)

diffs (137 lines):

diff -r ea7db8f47a20 -r 708075a3de7e net/net-snmp/Makefile
--- a/net/net-snmp/Makefile     Sun May 18 08:28:05 2008 +0000
+++ b/net/net-snmp/Makefile     Sun May 18 11:59:54 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2008/01/03 19:10:09 seb Exp $
+# $NetBSD: Makefile,v 1.68 2008/05/18 11:59:54 tron Exp $
 
 DISTNAME=      net-snmp-5.4.1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    net
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=net-snmp/}
 
diff -r ea7db8f47a20 -r 708075a3de7e net/net-snmp/distinfo
--- a/net/net-snmp/distinfo     Sun May 18 08:28:05 2008 +0000
+++ b/net/net-snmp/distinfo     Sun May 18 11:59:54 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2008/01/03 19:10:09 seb Exp $
+$NetBSD: distinfo,v 1.43 2008/05/18 11:59:54 tron Exp $
 
 SHA1 (net-snmp-5.4.1.tar.gz) = ac5ba033c10d53d3057415121f8c4936c643c208
 RMD160 (net-snmp-5.4.1.tar.gz) = 3723488dab8d164702a7d55c9c72eeaec07dd50c
@@ -6,6 +6,7 @@
 SHA1 (patch-aa) = 51b09cc020776d136861d34f9ea529a986d2426d
 SHA1 (patch-ab) = 3227eeb8b54b37813d8b6949f8c6ddc446038bf2
 SHA1 (patch-ac) = acdcde40ec53215d7778b2d0a67656b82274d006
+SHA1 (patch-ad) = 0041bbc3c1b2be73c8d1af1aba671d3a227473f4
 SHA1 (patch-ae) = 721e62bb42b6d3787f36316cf2628cd71ae6a6ce
 SHA1 (patch-af) = 88d0433a6a233dc52fec10e29183d820c50bd524
 SHA1 (patch-ag) = 7021f7238c37635c9c32ceca681fd42aa125437f
diff -r ea7db8f47a20 -r 708075a3de7e net/net-snmp/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/net-snmp/patches/patch-ad     Sun May 18 11:59:54 2008 +0000
@@ -0,0 +1,103 @@
+$NetBSD: patch-ad,v 1.5 2008/05/18 11:59:54 tron Exp $
+
+--- perl/SNMP/SNMP.xs.orig     2007-06-18 23:28:09.000000000 +0100
++++ perl/SNMP/SNMP.xs  2008-05-18 12:40:27.000000000 +0100
+@@ -470,14 +470,16 @@
+            if (flag == USE_ENUMS) {
+               for(ep = tp->enums; ep; ep = ep->next) {
+                  if (ep->value == *var->val.integer) {
+-                    strcpy(buf, ep->label);
++                    strncpy(buf, ep->label, buf_len);
++                    buf[buf_len-1] = '\0';
+                     len = strlen(buf);
+                     break;
+                  }
+               }
+            }
+            if (!len) {
+-              sprintf(buf,"%ld", *var->val.integer);
++              snprintf(buf, buf_len, "%ld", *var->val.integer);
++              buf[buf_len-1] = '\0';
+               len = strlen(buf);
+            }
+            break;
+@@ -486,21 +488,25 @@
+         case ASN_COUNTER:
+         case ASN_TIMETICKS:
+         case ASN_UINTEGER:
+-           sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++           snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
++           buf[buf_len-1] = '\0';
+            len = strlen(buf);
+            break;
+ 
+         case ASN_OCTET_STR:
+         case ASN_OPAQUE:
+-           memcpy(buf, (char*)var->val.string, var->val_len);
+            len = var->val_len;
++           if ( len > buf_len )
++               len = buf_len;
++           memcpy(buf, (char*)var->val.string, len);
+            break;
+ 
+         case ASN_IPADDRESS:
+-          ip = (u_char*)var->val.string;
+-          sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+-          len = strlen(buf);
+-          break;
++           ip = (u_char*)var->val.string;
++           snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++           buf[buf_len-1] = '\0';
++           len = strlen(buf);
++           break;
+ 
+         case ASN_NULL:
+            break;
+@@ -512,14 +518,14 @@
+           break;
+ 
+       case SNMP_ENDOFMIBVIEW:
+-          sprintf(buf,"%s", "ENDOFMIBVIEW");
+-        break;
++           snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
++         break;
+       case SNMP_NOSUCHOBJECT:
+-        sprintf(buf,"%s", "NOSUCHOBJECT");
+-        break;
++         snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
++         break;
+       case SNMP_NOSUCHINSTANCE:
+-        sprintf(buf,"%s", "NOSUCHINSTANCE");
+-        break;
++         snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
++         break;
+ 
+         case ASN_COUNTER64:
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+@@ -538,19 +544,19 @@
+ #endif
+ 
+         case ASN_BIT_STR:
+-            snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++            snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+             len = strlen(buf);
+             break;
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+         case ASN_OPAQUE_FLOAT:
+-        if (var->val.floatVal)
+-          sprintf(buf,"%f", *var->val.floatVal);
+-         break;
++           if (var->val.floatVal)
++              snprintf(buf, buf_len, "%f", *var->val.floatVal);
++           break;
+          
+         case ASN_OPAQUE_DOUBLE:
+-        if (var->val.doubleVal)
+-          sprintf(buf,"%f", *var->val.doubleVal);
+-         break;
++           if (var->val.doubleVal)
++              snprintf(buf, buf_len, "%f", *var->val.doubleVal);
++           break;
+ #endif
+          
+         case ASN_NSAP: