Fix insufficient message length validation in bsnmp library.

Approved by: so Security: FreeBSD-SA-19:20.bsnmp Security: CVE-2019-5610
author: Gordon Tetlow <gordon@FreeBSD.org> 2019-08-06 17:12:17 +0000
committer: Gordon Tetlow <gordon@FreeBSD.org> 2019-08-06 17:12:17 +0000
commit: a3f4653401e41954f5907cfa991d0d0c9b08d054 (patch)
tree: 0c2f823d863e649c25a65befe9b767dc478e3e21
parent: a237cb55dd19d7f8ca0d5f2cba2a0d16a3a69e50 (diff)
download: src-test2-a3f4653401e41954f5907cfa991d0d0c9b08d054.tar.gz
src-test2-a3f4653401e41954f5907cfa991d0d0c9b08d054.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/contrib/bsnmp/lib/asn1.c b/contrib/bsnmp/lib/asn1.c
index 03b5662ed22c..c96ea8c84ff6 100644
--- a/contrib/bsnmp/lib/asn1.c
+++ b/contrib/bsnmp/lib/asn1.c
@@ -100,6 +100,11 @@ asn_get_header(struct asn_buf *b, u_char *type, asn_len_t *len)
 		*len = *b->asn_cptr++;
 		b->asn_len--;
 	}
+	if (*len > b->asn_len) {
+		asn_error(b, "len %u exceeding asn_len %u", *len, b->asn_len);
+		return (ASN_ERR_EOBUF);
+	}
+	
 	return (ASN_ERR_OK);
 }
author	Gordon Tetlow <gordon@FreeBSD.org>	2019-08-06 17:12:17 +0000
committer	Gordon Tetlow <gordon@FreeBSD.org>	2019-08-06 17:12:17 +0000
commit	a3f4653401e41954f5907cfa991d0d0c9b08d054 (patch)
tree	0c2f823d863e649c25a65befe9b767dc478e3e21
parent	a237cb55dd19d7f8ca0d5f2cba2a0d16a3a69e50 (diff)
download	src-test2-a3f4653401e41954f5907cfa991d0d0c9b08d054.tar.gz src-test2-a3f4653401e41954f5907cfa991d0d0c9b08d054.zip