patch from

http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
 taking care of (among others) the vulnerability described in
http://www.openwall.com/lists/oss-security/2015/04/13/1

3 files changed, 128 insertions, 2 deletions

diff --git a/net/net-snmp/Makefile.common b/net/net-snmp/Makefile.common
index eb431c71f08..793a90efdd6 100644
--- a/net/net-snmp/Makefile.common
+++ b/net/net-snmp/Makefile.common
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.common,v 1.3 2015/01/09 14:00:00 adam Exp $
+# $NetBSD: Makefile.common,v 1.4 2015/06/08 20:08:57 spz Exp $
 # used by net/net-snmp/Makefile
 # used by net/py-netsnmp/Makefile
 
 DISTNAME=	net-snmp-5.7.3
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=net-snmp/}
+PKGREVISION=	1
 
 HOMEPAGE=	http://www.net-snmp.org/
 LICENSE=	modified-bsd
diff --git a/net/net-snmp/distinfo b/net/net-snmp/distinfo
index e24c0b2b298..b769fe61e9c 100644
--- a/net/net-snmp/distinfo
+++ b/net/net-snmp/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84 2014/12/31 10:06:57 adam Exp $
+$NetBSD: distinfo,v 1.85 2015/06/08 20:08:57 spz Exp $
 
 SHA1 (net-snmp-5.7.3.tar.gz) = 97dc25077257680815de44e34128d365c76bd839
 RMD160 (net-snmp-5.7.3.tar.gz) = c5cf54d5723ee417e07f1f9fa3936aef505104a2
@@ -33,3 +33,4 @@ SHA1 (patch-es) = 7336d905bac315f344f93664e4118332f88fb6ee
 SHA1 (patch-include_net-snmp_agent_snmp__agent.h) = 2139d849b0ffe004a72f3276a98c0d2cb72dca18
 SHA1 (patch-include_net-snmp_system_netbsd.h) = 7880fded678147b2cc75e035234b89727e213d00
 SHA1 (patch-perl_agent_Makefile.PL) = 722380debeda1552b74b60ff91cea3cbbc716e74
+SHA1 (patch-snmplib_snmp__api.c) = b4f498aa93b61f809e3696df1fc6bf32bd942233
diff --git a/net/net-snmp/patches/patch-snmplib_snmp__api.c b/net/net-snmp/patches/patch-snmplib_snmp__api.c
new file mode 100644
index 00000000000..37dcc7c5e3c
--- /dev/null
+++ b/net/net-snmp/patches/patch-snmplib_snmp__api.c
@@ -0,0 +1,124 @@
+$NetBSD: patch-snmplib_snmp__api.c,v 1.1 2015/06/08 20:08:57 spz Exp $
+
+patch from http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
+
+
+--- snmplib/snmp_api.c.orig	2014-12-08 20:23:22.000000000 +0000
++++ snmplib/snmp_api.c
+@@ -4350,10 +4350,9 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char 
+     u_char          type;
+     u_char          msg_type;
+     u_char         *var_val;
+-    int             badtype = 0;
+     size_t          len;
+     size_t          four;
+-    netsnmp_variable_list *vp = NULL;
++    netsnmp_variable_list *vp = NULL, *vplast = NULL;
+     oid             objid[MAX_OID_LEN];
+     u_char         *p;
+ 
+@@ -4493,38 +4492,24 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char 
+                               (ASN_SEQUENCE | ASN_CONSTRUCTOR),
+                               "varbinds");
+     if (data == NULL)
+-        return -1;
++        goto fail;
+ 
+     /*
+      * get each varBind sequence 
+      */
+     while ((int) *length > 0) {
+-        netsnmp_variable_list *vptemp;
+-        vptemp = (netsnmp_variable_list *) malloc(sizeof(*vptemp));
+-        if (NULL == vptemp) {
+-            return -1;
+-        }
+-        if (NULL == vp) {
+-            pdu->variables = vptemp;
+-        } else {
+-            vp->next_variable = vptemp;
+-        }
+-        vp = vptemp;
++        vp = SNMP_MALLOC_TYPEDEF(netsnmp_variable_list);
++        if (NULL == vp)
++            goto fail;
+ 
+-        vp->next_variable = NULL;
+-        vp->val.string = NULL;
+         vp->name_length = MAX_OID_LEN;
+-        vp->name = NULL;
+-        vp->index = 0;
+-        vp->data = NULL;
+-        vp->dataFreeHook = NULL;
+         DEBUGDUMPSECTION("recv", "VarBind");
+         data = snmp_parse_var_op(data, objid, &vp->name_length, &vp->type,
+                                  &vp->val_len, &var_val, length);
+         if (data == NULL)
+-            return -1;
++            goto fail;
+         if (snmp_set_var_objid(vp, objid, vp->name_length))
+-            return -1;
++            goto fail;
+ 
+         len = MAX_PACKET_LENGTH;
+         DEBUGDUMPHEADER("recv", "Value");
+@@ -4604,7 +4589,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char 
+                 vp->val.string = (u_char *) malloc(vp->val_len);
+             }
+             if (vp->val.string == NULL) {
+-                return -1;
++                goto fail;
+             }
+             p = asn_parse_string(var_val, &len, &vp->type, vp->val.string,
+                              &vp->val_len);
+@@ -4619,7 +4604,7 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char 
+             vp->val_len *= sizeof(oid);
+             vp->val.objid = (oid *) malloc(vp->val_len);
+             if (vp->val.objid == NULL) {
+-                return -1;
++                goto fail;
+             }
+             memmove(vp->val.objid, objid, vp->val_len);
+             break;
+@@ -4631,21 +4616,35 @@ snmp_pdu_parse(netsnmp_pdu *pdu, u_char 
+         case ASN_BIT_STR:
+             vp->val.bitstring = (u_char *) malloc(vp->val_len);
+             if (vp->val.bitstring == NULL) {
+-                return -1;
++                goto fail;
+             }
+-            p = asn_parse_bitstring(var_val, &len, &vp->type,
++            asn_parse_bitstring(var_val, &len, &vp->type,
+                                 vp->val.bitstring, &vp->val_len);
+-            if (!p)
+-                return -1;
+             break;
+         default:
+             snmp_log(LOG_ERR, "bad type returned (%x)\n", vp->type);
+-            badtype = -1;
++            goto fail;
+             break;
+         }
+         DEBUGINDENTADD(-4);
++
++        if (NULL == vplast) {
++            pdu->variables = vp;
++        } else {
++            vplast->next_variable = vp;
++        }
++        vplast = vp;
++        vp = NULL;
+     }
+-    return badtype;
++    return 0;
++
++fail:
++    DEBUGMSGTL(("recv", "error while parsing VarBindList\n"));
++    /** if we were parsing a var, remove it from the pdu and free it */
++    if (vp)
++        snmp_free_var(vp);
++
++    return -1;
+ }
+ 
+ /*