1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
Fix: CVE-2014-3609
revno: 13172
revision-id: squid3@treenet.co.nz-20140915045834-qo85nnsinp9wu4gt
parent: squid3@treenet.co.nz-20140827142207-n6y0r0iuv4sq6hvg
author: Sebastian Krahmer <krahmer@suse.com>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.4
timestamp: Sun 2014-09-14 22:58:34 -0600
message:
Fix off by one in SNMP subsystem
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20140915045834-qo85nnsinp9wu4gt
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: 72ffc18d9c25a0412efc813dc5cde1c63e8ebe46
# timestamp: 2014-09-15 11:08:17 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20140827142207-\
# n6y0r0iuv4sq6hvg
#
# Begin patch
Upstream-Status: Backport
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13172.patch
Signed-of-by: Armin Kuster <akuster@mvista.com>
=== modified file 'src/snmp_core.cc'
--- a/src/snmp_core.cc 2014-02-18 08:46:49 +0000
+++ b/src/snmp_core.cc 2014-09-15 04:58:34 +0000
@@ -362,7 +362,7 @@
void
snmpHandleUdp(int sock, void *not_used)
{
- LOCAL_ARRAY(char, buf, SNMP_REQUEST_SIZE);
+ static char buf[SNMP_REQUEST_SIZE];
Ip::Address from;
SnmpRequest *snmp_rq;
int len;
@@ -371,16 +371,11 @@
Comm::SetSelect(sock, COMM_SELECT_READ, snmpHandleUdp, NULL, 0);
- memset(buf, '\0', SNMP_REQUEST_SIZE);
+ memset(buf, '\0', sizeof(buf));
- len = comm_udp_recvfrom(sock,
- buf,
- SNMP_REQUEST_SIZE,
- 0,
- from);
+ len = comm_udp_recvfrom(sock, buf, sizeof(buf)-1, 0, from);
if (len > 0) {
- buf[len] = '\0';
debugs(49, 3, "snmpHandleUdp: FD " << sock << ": received " << len << " bytes from " << from << ".");
snmp_rq = (SnmpRequest *)xcalloc(1, sizeof(SnmpRequest));
|