447974: CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
Source: upstream, https://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
Reviewed-by: Jan Safranek
diff -up net-snmp-5.0.9/snmplib/scapi.c.orig net-snmp-5.0.9/snmplib/scapi.c
--- net-snmp-5.0.9/snmplib/scapi.c.orig 2008-06-04 10:19:26.000000000 +0200
+++ net-snmp-5.0.9/snmplib/scapi.c 2008-06-04 10:20:45.000000000 +0200
@@ -460,6 +460,9 @@ sc_check_keyed_hash(const oid * authtype
 QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
 }
+ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
+ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
+ }
 /*
 * Generate a full hash of the message, then compare
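Review bot: The added `if (maclen != USM_MD5_AND_SHA_AUTH_LEN)` guard has no comment saying why the length is pinned to one exact value, so a later cleanup could loosen it back to a range check and reopen the bypass. I would put a comment directly above it, for example `/* The MAC length comes from the peer; accept only the full truncated-HMAC length so a shorter MAC cannot match on a prefix (CVE-2008-0960). */`. The check applies the same constant whatever `authtype` is, which holds only while every supported transform truncates to that length; that assumption belongs in the comment too. The rejection reuses `SNMPERR_GENERR` through the same quit path as the sanity checks before it, so a wrong-length MAC is indistinguishable from any other failure; a debug or log line on this branch would give operators something to alert on. The body of sc_check_keyed_hash starts and ends outside the hunk, so the comparison that consumes `maclen` is not visible here and the prefix-match reasoning is inferred from the trailing comment.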