net-snmp/backport-libsnmp-Fix-a-buffer-overflow-in-setup_engineID.patch

From fbdf2ed2e0bb06050d314e008a34d9ecdb84be17 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 28 Oct 2024 09:21:45 -0700
Subject: [PATCH] libsnmp: Fix a buffer overflow in setup_engineID()

See also https://github.com/net-snmp/net-snmp/issues/732.

Conflict:NA
Reference:https://github.com/net-snmp/net-snmp/commit/fbdf2ed2e0bb06050d314e008a34d9ecdb84be17

diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
index ebb9a9caef..f453ad8fbe 100644
--- a/snmplib/snmpv3.c
+++ b/snmplib/snmpv3.c
@@ -580,8 +580,13 @@ setup_engineID(u_char ** eidp, const char *text)
     /*
      * Allocate memory and store enterprise ID.
      */
-    if ((bufp = (u_char *) calloc(1, len)) == NULL) {
-        snmp_log_perror("setup_engineID malloc");
+    if (len == 0) {
+        snmp_log(LOG_ERR, "%s(): len == 0\n", __func__);
+        return -1;
+    }
+    bufp = calloc(1, len);
+    if (bufp == NULL) {
+        snmp_log_perror("setup_engineID() calloc()");
         return -1;
     }
     if (localEngineIDType == ENGINEID_TYPE_NETSNMP_RND)
-- 
2.33.0