Add patch from the Net-SNMP SVN repository to fix a buffer overflow in

the Perl SNMP module reported in SA30187.

3 files changed, 107 insertions, 3 deletions

diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile
index 2cc5d7c57b9..5d408addc0c 100644
--- a/net/net-snmp/Makefile
+++ b/net/net-snmp/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2008/01/03 19:10:09 seb Exp $
+# $NetBSD: Makefile,v 1.68 2008/05/18 11:59:54 tron Exp $
 
 DISTNAME=	net-snmp-5.4.1
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=net-snmp/}
 
diff --git a/net/net-snmp/distinfo b/net/net-snmp/distinfo
index 36a8a8b615f..bf3e5ce9ecc 100644
--- a/net/net-snmp/distinfo
+++ b/net/net-snmp/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2008/01/03 19:10:09 seb Exp $
+$NetBSD: distinfo,v 1.43 2008/05/18 11:59:54 tron Exp $
 
 SHA1 (net-snmp-5.4.1.tar.gz) = ac5ba033c10d53d3057415121f8c4936c643c208
 RMD160 (net-snmp-5.4.1.tar.gz) = 3723488dab8d164702a7d55c9c72eeaec07dd50c
@@ -6,6 +6,7 @@ Size (net-snmp-5.4.1.tar.gz) = 5122455 bytes
 SHA1 (patch-aa) = 51b09cc020776d136861d34f9ea529a986d2426d
 SHA1 (patch-ab) = 3227eeb8b54b37813d8b6949f8c6ddc446038bf2
 SHA1 (patch-ac) = acdcde40ec53215d7778b2d0a67656b82274d006
+SHA1 (patch-ad) = 0041bbc3c1b2be73c8d1af1aba671d3a227473f4
 SHA1 (patch-ae) = 721e62bb42b6d3787f36316cf2628cd71ae6a6ce
 SHA1 (patch-af) = 88d0433a6a233dc52fec10e29183d820c50bd524
 SHA1 (patch-ag) = 7021f7238c37635c9c32ceca681fd42aa125437f
diff --git a/net/net-snmp/patches/patch-ad b/net/net-snmp/patches/patch-ad
new file mode 100644
index 00000000000..874ba5dd176
--- /dev/null
+++ b/net/net-snmp/patches/patch-ad
@@ -0,0 +1,103 @@
+$NetBSD: patch-ad,v 1.5 2008/05/18 11:59:54 tron Exp $
+
+--- perl/SNMP/SNMP.xs.orig	2007-06-18 23:28:09.000000000 +0100
++++ perl/SNMP/SNMP.xs	2008-05-18 12:40:27.000000000 +0100
+@@ -470,14 +470,16 @@
+            if (flag == USE_ENUMS) {
+               for(ep = tp->enums; ep; ep = ep->next) {
+                  if (ep->value == *var->val.integer) {
+-                    strcpy(buf, ep->label);
++                    strncpy(buf, ep->label, buf_len);
++                    buf[buf_len-1] = '\0';
+                     len = strlen(buf);
+                     break;
+                  }
+               }
+            }
+            if (!len) {
+-              sprintf(buf,"%ld", *var->val.integer);
++              snprintf(buf, buf_len, "%ld", *var->val.integer);
++              buf[buf_len-1] = '\0';
+               len = strlen(buf);
+            }
+            break;
+@@ -486,21 +488,25 @@
+         case ASN_COUNTER:
+         case ASN_TIMETICKS:
+         case ASN_UINTEGER:
+-           sprintf(buf,"%lu", (unsigned long) *var->val.integer);
++           snprintf(buf, buf_len, "%lu", (unsigned long) *var->val.integer);
++           buf[buf_len-1] = '\0';
+            len = strlen(buf);
+            break;
+ 
+         case ASN_OCTET_STR:
+         case ASN_OPAQUE:
+-           memcpy(buf, (char*)var->val.string, var->val_len);
+            len = var->val_len;
++           if ( len > buf_len )
++               len = buf_len;
++           memcpy(buf, (char*)var->val.string, len);
+            break;
+ 
+         case ASN_IPADDRESS:
+-          ip = (u_char*)var->val.string;
+-          sprintf(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+-          len = strlen(buf);
+-          break;
++           ip = (u_char*)var->val.string;
++           snprintf(buf, buf_len, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
++           buf[buf_len-1] = '\0';
++           len = strlen(buf);
++           break;
+ 
+         case ASN_NULL:
+            break;
+@@ -512,14 +518,14 @@
+           break;
+ 
+ 	case SNMP_ENDOFMIBVIEW:
+-          sprintf(buf,"%s", "ENDOFMIBVIEW");
+-	  break;
++           snprintf(buf, buf_len, "%s", "ENDOFMIBVIEW");
++	   break;
+ 	case SNMP_NOSUCHOBJECT:
+-	  sprintf(buf,"%s", "NOSUCHOBJECT");
+-	  break;
++	   snprintf(buf, buf_len, "%s", "NOSUCHOBJECT");
++	   break;
+ 	case SNMP_NOSUCHINSTANCE:
+-	  sprintf(buf,"%s", "NOSUCHINSTANCE");
+-	  break;
++	   snprintf(buf, buf_len, "%s", "NOSUCHINSTANCE");
++	   break;
+ 
+         case ASN_COUNTER64:
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+@@ -538,19 +544,19 @@
+ #endif
+ 
+         case ASN_BIT_STR:
+-            snprint_bitstring(buf, sizeof(buf), var, NULL, NULL, NULL);
++            snprint_bitstring(buf, buf_len, var, NULL, NULL, NULL);
+             len = strlen(buf);
+             break;
+ #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES
+         case ASN_OPAQUE_FLOAT:
+-	  if (var->val.floatVal)
+-	    sprintf(buf,"%f", *var->val.floatVal);
+-         break;
++           if (var->val.floatVal)
++              snprintf(buf, buf_len, "%f", *var->val.floatVal);
++           break;
+          
+         case ASN_OPAQUE_DOUBLE:
+-	  if (var->val.doubleVal)
+-	    sprintf(buf,"%f", *var->val.doubleVal);
+-         break;
++           if (var->val.doubleVal)
++              snprintf(buf, buf_len, "%f", *var->val.doubleVal);
++           break;
+ #endif
+          
+         case ASN_NSAP: