snmp.c: Validate input OID string for `_cupsSNMPStringToOID()`
We can accept OID string as input in few cases (mainly via side channel)
and if the crafted OID string is sent, internal function
`asn1_size_oid()` can end up with stack buffer overflow.
The issue happens when one OID node is too large, or OID is invalid
(ending with dots) - we can fix it in `_cupsSNMPStringToOID()` by
checking if the last source character is a dot (invalid OID),
and by limiting integer for OID node to 0xffff.
projects / thirdparty / cups.git / commit
