mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
efbc247121
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59362 Pick the PR content that's referenced in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
52 lines
1.8 KiB
Diff
52 lines
1.8 KiB
Diff
From 4b9784928c87225605fd223b6fa0e5b42d039359 Mon Sep 17 00:00:00 2001
|
|
From: Alex Rousskov <rousskov@measurement-factory.com>
|
|
Date: Sat, 30 Aug 2025 06:49:36 +0000
|
|
Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
|
|
|
|
CVE: CVE-2025-59362
|
|
Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9]
|
|
---
|
|
lib/snmplib/asn1.c | 13 +++++++++++++
|
|
1 file changed, 13 insertions(+)
|
|
|
|
diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
|
|
index 8a4e471..0bb1f0b 100644
|
|
--- a/lib/snmplib/asn1.c
|
|
+++ b/lib/snmplib/asn1.c
|
|
@@ -771,6 +771,7 @@ asn_build_objid(u_char * data, int *datalength,
|
|
* lastbyte ::= 0 7bitvalue
|
|
*/
|
|
u_char buf[MAX_OID_LEN];
|
|
+ u_char *bufEnd = buf + sizeof(buf);
|
|
u_char *bp = buf;
|
|
oid *op = objid;
|
|
int asnlength;
|
|
@@ -789,6 +790,10 @@ asn_build_objid(u_char * data, int *datalength,
|
|
while (objidlength-- > 0) {
|
|
subid = *op++;
|
|
if (subid < 127) { /* off by one? */
|
|
+ if (bp >= bufEnd) {
|
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
|
+ return (NULL);
|
|
+ }
|
|
*bp++ = subid;
|
|
} else {
|
|
mask = 0x7F; /* handle subid == 0 case */
|
|
@@ -806,8 +811,16 @@ asn_build_objid(u_char * data, int *datalength,
|
|
/* fix a mask that got truncated above */
|
|
if (mask == 0x1E00000)
|
|
mask = 0xFE00000;
|
|
+ if (bp >= bufEnd) {
|
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
|
+ return (NULL);
|
|
+ }
|
|
*bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
|
|
}
|
|
+ if (bp >= bufEnd) {
|
|
+ snmp_set_api_error(SNMPERR_ASN_ENCODE);
|
|
+ return (NULL);
|
|
+ }
|
|
*bp++ = (u_char) (subid & mask);
|
|
}
|
|
}
|