From: zdohnal
Date: Tue, 19 Mar 2024 09:41:19 +0000 (+0100)
Subject: snmp.c: Validate input OID string for `_cupsSNMPStringToOID()`
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebd0d5156a5ba24ae2e5fe7d2ce26b9d3687dbec;p=thirdparty%2Fcups.git

snmp.c: Validate input OID string for `_cupsSNMPStringToOID()`

We can accept an OID string as input in a few cases (mainly via side channel) and if the crafted OID string is sent, internal function asn1_size_oid() can end up with a stack buffer overflow.

The issue happens when one OID node is too large, or OID is invalid (ending with dots) - we can fix it in _cupsSNMPStringToOID() by checking if the last source character is a dot (invalid OID), and by limiting integer for OID node to 0xffff.

Fixes #905
---
ebd0d5156a5ba24ae2e5fe7d2ce26b9d3687dbec
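
The two checks the commit message names (reject an OID string whose last character is a dot, cap each OID node at 0xffff), shown as an added example that is not the CUPS patch or any code from this page. `parse_oid` and `OID_NODE_MAX` are hypothetical names, and the optional leading dot and the rejection of empty nodes are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

#define OID_NODE_MAX 0xffff  /* per-node limit named in the commit message */

/*
 * Hypothetical helper (not the CUPS function): parse a dotted OID string
 * such as ".1.3.6.1" into dst[]. Returns the node count, or -1 if the
 * string is invalid or does not fit in dst[].
 */
int parse_oid(const char *src, int *dst, size_t dstsize)
{
    size_t len, n = 0;
    const char *p;

    if (!src || !dst || dstsize == 0)
        return -1;

    len = strlen(src);
    /* Reject empty input and an OID whose last character is a dot. */
    if (len == 0 || src[len - 1] == '.')
        return -1;

    p = src;
    if (*p == '.')                      /* optional leading dot (assumption) */
        p++;

    while (*p) {
        int value = 0;

        if (*p < '0' || *p > '9')       /* empty node ("..") or non-digit */
            return -1;
        if (n >= dstsize)               /* never write past the caller's array */
            return -1;

        while (*p >= '0' && *p <= '9') {
            value = value * 10 + (*p - '0');
            /* Check after every digit so value cannot overflow int. */
            if (value > OID_NODE_MAX)
                return -1;
            p++;
        }
        dst[n++] = value;

        if (*p == '.')
            p++;
        else if (*p)                    /* trailing garbage after a node */
            return -1;
    }
    return (int)n;
}
```

Bounding every node before it reaches an encoder is what keeps a downstream size calculation from being driven by attacker-chosen integers.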