Add fix for CVE-2010-2891 taken from Debian's GIT repository.

devel/libsmi/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2008/07/14 12:56:02 joerg Exp $
+# $NetBSD: Makefile,v 1.17 2010/11/23 11:30:50 tron Exp $
 
 DISTNAME=	libsmi-0.4.8
+PKGREVISION=	1
 CATEGORIES=	devel net
 MASTER_SITES=	ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/
 

devel/libsmi/distinfo

@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2008/07/13 22:26:13 tron Exp $
+$NetBSD: distinfo,v 1.6 2010/11/23 11:30:50 tron Exp $
 
 SHA1 (libsmi-0.4.8.tar.gz) = 77c512ccbdd29667d152398b0dcde533aed57b49
 RMD160 (libsmi-0.4.8.tar.gz) = 66fbe0e0128c4134cce386aaf754a48bb2d2580e
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 0daa795492391e52cce09db2334872838ea654f3
 SHA1 (patch-ab) = 2ebd512bfa4e284eaf892a5437f0bf12ad3ff36c
 SHA1 (patch-ac) = e10b25773c6df404b74a2cd28bac06cbd6183983
 SHA1 (patch-ad) = ca9376deac37b3c894f8d34e4b73473af49c7790
+SHA1 (patch-ae) = f8a56ba5ac896a02b09a6cd3139fd8284748324b

devel/libsmi/patches/patch-ae

@@ -0,0 +1,25 @@
+$NetBSD: patch-ae,v 1.1 2010/11/23 11:30:50 tron Exp $
+
+Fix for CVE-2010-2891 taken from here:
+
+http://git.debian.org/?p=collab-maint/libsmi.git;a=blob_plain;f=debian/patches/cve-2010-2891.patch;hb=1b460ead526610a66d032c75d191dd65bc5727f4
+
+--- lib/smi.c.orig	2008-04-18 11:42:50.000000000 +0100
++++ lib/smi.c	2010-11-23 11:27:28.000000000 +0000
+@@ -1314,10 +1314,15 @@
+     }
+ 
+     if (isdigit((int)node2[0])) {
+-	for (oidlen = 0, p = strtok(node2, ". "); p;
++	for (oidlen = 0, p = strtok(node2, ". ");
++	     p && oidlen < sizeof(oid)/sizeof(oid[0]);
+ 	     oidlen++, p = strtok(NULL, ". ")) {
+ 	    oid[oidlen] = strtoul(p, NULL, 0);
+ 	}
++	if (p) {
++	    /* the numeric OID is too long */
++	    return NULL;
++	}
+ 	nodePtr = getNode(oidlen, oid);
+ 	if (nodePtr) {
+ 	    if (modulePtr) {