author | Gordon Tetlow <gordon@FreeBSD.org> | 2019-08-06 17:12:17 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2019-08-06 17:12:17 +0000 |
commit | a3f4653401e41954f5907cfa991d0d0c9b08d054 (patch) | |
tree | 0c2f823d863e649c25a65befe9b767dc478e3e21 | |
parent | a237cb55dd19d7f8ca0d5f2cba2a0d16a3a69e50 (diff) | |
Fix insufficient message length validation in bsnmp library.
Approved by: so
Security: FreeBSD-SA-19:20.bsnmp
Security: CVE-2019-5610
Notes:
svn path=/releng/12.0/; revision=350646
-rw-r--r-- | contrib/bsnmp/lib/asn1.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/bsnmp/lib/asn1.c b/contrib/bsnmp/lib/asn1.c index 03b5662ed22c..c96ea8c84ff6 100644 --- a/contrib/bsnmp/lib/asn1.c +++ b/contrib/bsnmp/lib/asn1.c @@ -100,6 +100,11 @@ asn_get_header(struct asn_buf *b, u_char *type, asn_len_t *len) *len = *b->asn_cptr++; b->asn_len--; } + if (*len > b->asn_len) { + asn_error(b, "len %u exceeding asn_len %u", *len, b->asn_len); + return (ASN_ERR_EOBUF); + } + return (ASN_ERR_OK); } |
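Review bot: the asn_error() call in the added block prints both *len and b->asn_len with %u, but the visible signature only shows that *len is an asn_len_t and gives no type for b->asn_len. If either is wider than unsigned int, the diagnostic is wrong exactly when an oversized length is being rejected, so either cast both arguments to (u_int) or use the specifier that matches each type. The placement of the comparison is right: it sits after the b->asn_len-- in the length parsing, so it compares the declared length against the bytes actually remaining. A one-line comment above the check saying that on ASN_ERR_OK callers may rely on *len <= b->asn_len would make the new contract explicit. The change also ships with no test; a truncated message whose header declares more bytes than follow, expected to return ASN_ERR_EOBUF, would pin the behaviour.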