22 lines
927 B
Diff
22 lines
927 B
Diff
commit 4c5633f1603e4bd03ed05c37d782ec8911759c47
|
|
Author: Robert Story <rstory@freesnmp.com>
|
|
Date: Mon May 14 11:40:06 2012 -0400
|
|
|
|
NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash
|
|
|
|
diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
|
|
index d00475f..1f8586a 100644
|
|
--- a/agent/mibgroup/agent/extend.c
|
|
+++ b/agent/mibgroup/agent/extend.c
|
|
@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler,
|
|
* Determine which line we've been asked for....
|
|
*/
|
|
line_idx = *table_info->indexes->next_variable->val.integer;
|
|
+ if (line_idx < 1 || line_idx > extension->numlines) {
|
|
+ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
|
|
+ continue;
|
|
+ }
|
|
cp = extension->lines[line_idx-1];
|
|
|
|
/*
|