From c5ab96e4f97e9b5ab966b0c6ab961298843e5d73 Mon Sep 17 00:00:00 2001
From: Packit Service <user-cont-team+packit-service@redhat.com>
Date: Dec 09 2020 20:26:18 +0000
Subject: Apply patch libsmi-0.4.8-CVE-2010-2891.patch


patch_name: libsmi-0.4.8-CVE-2010-2891.patch
present_in_specfile: true

---

diff --git a/lib/smi.c b/lib/smi.c
index 244629e..d6a8ebe 100644
--- a/lib/smi.c
+++ b/lib/smi.c
@@ -1314,10 +1314,15 @@ SmiNode *smiGetNode(SmiModule *smiModulePtr, const char *node)
     }
 
     if (isdigit((int)node2[0])) {
-	for (oidlen = 0, p = strtok(node2, ". "); p;
+	for (oidlen = 0, p = strtok(node2, ". ");
+	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
 	     oidlen++, p = strtok(NULL, ". ")) {
 	    oid[oidlen] = strtoul(p, NULL, 0);
 	}
+	if (p) {
+	    /* the numeric OID is too long */
+	    return NULL;
+	}
 	nodePtr = getNode(oidlen, oid);
 	if (nodePtr) {
 	    if (modulePtr) {