[pkgsrc/trunk]: pkgsrc/net/tcl-scotty Add a patch which does minimal validati...

[he <he%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/cfd9337deba1
branches:  trunk
changeset: 375054:cfd9337deba1
user:      he <he%pkgsrc.org@localhost>
date:      Fri Feb 02 13:55:28 2018 +0000

description:
Add a patch which does minimal validation when decoding OIDs.
Bump PKGREVISION.

diffstat:

 net/tcl-scotty/Makefile                         |   4 ++--
 net/tcl-scotty/distinfo                         |   6 +++---
 net/tcl-scotty/patches/patch-tnm_snmp_tnmAsn1.c |  15 ++++++++++++++-
 3 files changed, 19 insertions(+), 6 deletions(-)

diffs (63 lines):

diff -r 4213478ffe55 -r cfd9337deba1 net/tcl-scotty/Makefile
--- a/net/tcl-scotty/Makefile   Fri Feb 02 13:55:04 2018 +0000
+++ b/net/tcl-scotty/Makefile   Fri Feb 02 13:55:28 2018 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.40 2017/02/01 09:29:18 he Exp $
+# $NetBSD: Makefile,v 1.41 2018/02/02 13:55:28 he Exp $
 #
 
 DISTNAME=      scotty-${DIST_VERS}
 PKGNAME=       tcl-scotty-${DIST_VERS}
-PKGREVISION=   13
+PKGREVISION=   14
 CATEGORIES=    net tcl
 MASTER_SITES=  ftp://ftp.ibr.cs.tu-bs.de/pub/local/tkined/
 
diff -r 4213478ffe55 -r cfd9337deba1 net/tcl-scotty/distinfo
--- a/net/tcl-scotty/distinfo   Fri Feb 02 13:55:04 2018 +0000
+++ b/net/tcl-scotty/distinfo   Fri Feb 02 13:55:28 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2017/08/19 00:26:26 jlam Exp $
+$NetBSD: distinfo,v 1.22 2018/02/02 13:55:28 he Exp $
 
 SHA1 (scotty-2.1.11.tar.gz) = 819011f908c57e4591d6f50e51677c01eb55dc13
 RMD160 (scotty-2.1.11.tar.gz) = 3b4d45f3db73f05b49a46017bf2ffed6d6464b00
@@ -25,8 +25,8 @@
 SHA1 (patch-tnm_generic_tnmSyslog.c) = 3963f952ea8ce9907a7db4584e4f27280e4bb33d
 SHA1 (patch-tnm_generic_tnmUdp.c) = ceaa4f32a379b3c697405ae1bc22d7c5a4775982
 SHA1 (patch-tnm_generic_tnmUtil.c) = 0c9216365ab2059e7e064439bfb8df8341afe1b9
-SHA1 (patch-tnm_snmp_straps.c) = 3ec9baf566ab4cabd09de98ca1c3a689d9335b8c
-SHA1 (patch-tnm_snmp_tnmAsn1.c) = 4eefe643ff0ffc4003e446a91189bf07ae37474b
+SHA1 (patch-tnm_snmp_straps.c) = deb245d6e4a1026e81ee75c9a25eef5b6837b300
+SHA1 (patch-tnm_snmp_tnmAsn1.c) = a14c3690614ec979246c906dea6b0da7356e1204
 SHA1 (patch-tnm_snmp_tnmAsn1.h) = 09b036aea74fdc187fedb72db520a701f217ca57
 SHA1 (patch-tnm_snmp_tnmMib.h) = f98655ed6f69479d91b91524397897c355cf7453
 SHA1 (patch-tnm_snmp_tnmMibParser.c) = ef22293224b42f90dc900d63f54ae78c34e74e6b
diff -r 4213478ffe55 -r cfd9337deba1 net/tcl-scotty/patches/patch-tnm_snmp_tnmAsn1.c
--- a/net/tcl-scotty/patches/patch-tnm_snmp_tnmAsn1.c   Fri Feb 02 13:55:04 2018 +0000
+++ b/net/tcl-scotty/patches/patch-tnm_snmp_tnmAsn1.c   Fri Feb 02 13:55:28 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: patch-tnm_snmp_tnmAsn1.c,v 1.1 2014/03/05 13:52:29 he Exp $
+$NetBSD: patch-tnm_snmp_tnmAsn1.c,v 1.2 2018/02/02 13:55:29 he Exp $
 
 Constify.
+Provide minimal robustness against mis-coded OIDs.
 
 --- tnm/snmp/tnmAsn1.c.orig    1996-07-29 21:33:44.000000000 +0000
 +++ tnm/snmp/tnmAsn1.c
@@ -48,3 +49,15 @@
      int convert = 0;
  
      if (! str) return NULL;
+@@ -914,6 +915,11 @@ Tnm_BerDecOID(packet, packetlen, oid, oi
+       strcpy(error, "OBJECT IDENTIFIER of length 0");
+       return NULL;
+     }
++    if (asnlen > TNM_OIDMAXLEN) {
++      sprintf(error, "OBJECT IDENTIFIER too long: %d, max is %d",
++              asnlen, TNM_OIDMAXLEN);
++      return NULL;
++    }
+     
+     if (asnlen == 1 && (*packet % 40 == *packet)) {
+       *oid       = *packet++;