diff -rup net-snmp-5.4.2/agent/helpers/table_data.c net-snmp-5.4.2.1/agent/helpers/table_data.c
--- net-snmp-5.4.2/agent/helpers/table_data.c 2008-09-24 03:26:29.000000000 -0600
+++ net-snmp-5.4.2.1/agent/helpers/table_data.c 2008-09-24 03:26:46.000000000 -0600
@@ -80,16 +80,20 @@ netsnmp_table_data_clone_row(netsnmp_tab
 if (row->indexes) {
 newrow->indexes = snmp_clone_varbind(newrow->indexes);
- if (!newrow->indexes)
+ if (!newrow->indexes) {
+ free (newrow);
 return NULL;
+ }
 }
 if (row->index_oid) {
 memdup((u_char **) & newrow->index_oid, (u_char *) row->index_oid, row->index_oid_len * sizeof(oid));
- if (!newrow->index_oid)
+ if (!newrow->index_oid) {
+ free (newrow);
 return NULL;
+ }
 }
 return newrow;
diff -rup net-snmp-5.4.2/agent/helpers/table_dataset.c net-snmp-5.4.2.1/agent/helpers/table_dataset.c
--- net-snmp-5.4.2/agent/helpers/table_dataset.c 2008-09-24 03:26:29.000000000 -0600
+++ net-snmp-5.4.2.1/agent/helpers/table_dataset.c 2008-09-24 03:26:46.000000000 -0600
@@ -563,7 +563,7 @@ netsnmp_table_data_set_helper_handler(ne
 data = (netsnmp_table_data_set_storage *) row->data;
 if (!row || !table_info || !data) {
- if (!MODE_IS_SET(reqinfo->mode)) {
+ if (!MODE_IS_SET(reqinfo->mode) || !table_info) {
 netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
 continue;
@@ -993,6 +993,7 @@ netsnmp_config_parse_table_set(const cha
 if (!snmp_parse_oid(tp->augments, name, &name_length)) {
 config_pwarn("I can't parse the augment tabel name");
 snmp_log(LOG_WARNING, " can't parse %s\n", tp->augments);
+ SNMP_FREE (table_set);
 return;
 }
 if(NULL == (tp2 = get_tree(name, name_length, get_tree_head()))) {
@@ -1000,6 +1001,7 @@ netsnmp_config_parse_table_set(const cha
 "I can't find mib information about augment table");
 snmp_log(LOG_WARNING, " table %s not found in tree\n", tp->augments);
+ SNMP_FREE (table_set);
 return;
 }
 _table_set_add_indexes(table_set, tp2);
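Review bot: In netsnmp_table_data_clone_row the second failure path (`if (!newrow->index_oid)`) frees only `newrow`, so the varbind list cloned into `newrow->indexes` a few lines earlier is leaked. Release it first, e.g. `snmp_free_varbind(newrow->indexes);` before `free (newrow);`. The function starts above the hunk, so how `newrow` was allocated is not visible; if it is a shallow copy of `row`, confirm that no other field it holds needs releasing on these paths.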
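Review bot: In netsnmp_table_data_set_helper_handler the context line `data = (netsnmp_table_data_set_storage *) row->data;` dereferences `row` before the `!row` test on the next line, so a NULL `row` faults before the new `|| !table_info` branch can set SNMP_NOSUCHINSTANCE. Guard the load, e.g. `data = row ? (netsnmp_table_data_set_storage *) row->data : NULL;`. The handler body starts and continues outside the hunk.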
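Review bot: `SNMP_FREE (table_set);` in netsnmp_config_parse_table_set (here and in the @@ -1000 hunk) releases only the top-level object. The allocation of `table_set` is outside both hunks; if it comes from a constructor that also allocates an inner table or a name, those members still leak on these two error paths and the matching destructor should be called instead. A one-line comment stating what `table_set` owns at this point would settle the question for the next reader.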
@@ -1091,6 +1093,7 @@ netsnmp_config_parse_add_row(const char
 vb = vb->next_variable) {
 if (!line) {
 config_pwarn("missing an index value");
+ SNMP_FREE (row);
 return;
 }
@@ -1110,6 +1113,7 @@ netsnmp_config_parse_add_row(const char
 "All columns must be specified.");
 snmp_log(LOG_WARNING," can't find value for column %d\n", dr->column - 1);
+ SNMP_FREE (row);
 return;
 }
diff -rup net-snmp-5.4.2/agent/mibgroup/mibII/ipv6.c net-snmp-5.4.2.1/agent/mibgroup/mibII/ipv6.c
--- net-snmp-5.4.2/agent/mibgroup/mibII/ipv6.c 2008-09-24 03:26:24.000000000 -0600
+++ net-snmp-5.4.2.1/agent/mibgroup/mibII/ipv6.c 2008-09-24 03:26:42.000000000 -0600
@@ -778,7 +778,7 @@ var_ifv6Entry(register struct variable *
 memset(&ifr, 0, sizeof(ifr));
 ifr.ifr_addr.sa_family = AF_INET6;
 strncpy(ifr.ifr_name, if_getname(interface),
- sizeof(ifr.ifr_name));
+ sizeof(ifr.ifr_name) - 1);
 if ((s = socket(ifr.ifr_addr.sa_family, SOCK_DGRAM, 0)) < 0) break;
 if (ioctl(s, SIOCGIFMTU, (caddr_t) & ifr) < 0) {
diff -rup net-snmp-5.4.2/agent/mibgroup/mibII/vacm_context.c net-snmp-5.4.2.1/agent/mibgroup/mibII/vacm_context.c
--- net-snmp-5.4.2/agent/mibgroup/mibII/vacm_context.c 2008-09-24 03:26:24.000000000 -0600
+++ net-snmp-5.4.2.1/agent/mibgroup/mibII/vacm_context.c 2008-09-24 03:26:42.000000000 -0600
@@ -95,6 +95,7 @@ init_vacm_context(void)
 if (!table_info || !iinfo) {
 SNMP_FREE(table_info);
 SNMP_FREE(iinfo);
+ SNMP_FREE(my_handler);
 return;
 }
diff -rup net-snmp-5.4.2/apps/encode_keychange.c net-snmp-5.4.2.1/apps/encode_keychange.c
--- net-snmp-5.4.2/apps/encode_keychange.c 2008-09-24 03:26:18.000000000 -0600
+++ net-snmp-5.4.2.1/apps/encode_keychange.c 2008-09-24 03:26:36.000000000 -0600
@@ -478,7 +478,7 @@ get_user_passphrases(void)
 char path[SNMP_MAXBUF], buf[SNMP_MAXBUF], *s = NULL;
 struct stat statbuf;
- FILE *fp;
+ FILE *fp = NULL;
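Review bot: In netsnmp_config_parse_add_row, `SNMP_FREE (row);` frees the row struct but not anything already attached to it. The first return sits inside the loop over `vb->next_variable` and the second (@@ -1110) comes after column values are looked up, so index varbinds or cell data added to `row` before the failure would leak; that code is outside both hunks, so this is inferred. Prefer the table helper's row destructor over a bare free on both paths.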
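Review bot: The `sizeof(ifr.ifr_name) - 1` bound in var_ifv6Entry gives a terminated name only because of the `memset(&ifr, 0, sizeof(ifr));` a few lines up, and nothing in the code says so. Add a comment on the strncpy such as `/* ifr was zeroed above, so copying size-1 bytes leaves ifr_name NUL-terminated */`. A longer interface name is still truncated silently, so the SIOCGIFMTU ioctl that follows would query a different name; an explicit length check would make that case visible.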
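Review bot: `SNMP_FREE(my_handler);` in init_vacm_context frees only the outer pointer. How `my_handler` is created is above the hunk; if it is a handler registration carrying its own handler and name allocations, those leak on this path and the registration's own free routine (`netsnmp_handler_registration_free`) is the right call.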
@@ -624,6 +624,9 @@ get_user_passphrases(void)
 SNMP_FREE(nbuf);
 }
+ if (fp)
+ fclose (fp);
+
 return rval;
 } /* end get_user_passphrases() */
diff -rup net-snmp-5.4.2/snmplib/container_binary_array.c net-snmp-5.4.2.1/snmplib/container_binary_array.c
--- net-snmp-5.4.2/snmplib/container_binary_array.c 2008-09-24 03:26:31.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/container_binary_array.c 2008-09-24 03:26:48.000000000 -0600
@@ -531,8 +531,11 @@ _ba_get_subset(netsnmp_container *contai
 va = SNMP_MALLOC_TYPEDEF(netsnmp_void_array);
 if (NULL==va)
+ {
+ free (rtn);
 return NULL;
-
+ }
+
 va->size = len;
 va->array = rtn;
diff -rup net-snmp-5.4.2/snmplib/keytools.c net-snmp-5.4.2.1/snmplib/keytools.c
--- net-snmp-5.4.2/snmplib/keytools.c 2008-09-24 03:26:32.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/keytools.c 2008-09-24 04:09:06.000000000 -0600
@@ -401,6 +401,9 @@ encode_keychange(const oid * hashtype, u
 /* * Sanity check. */
+ if (!kcstring || !kcstring_len)
+ return SNMPERR_GENERR;
+
 if (!hashtype || !oldkey || !newkey || !kcstring || !kcstring_len || (oldkey_len <= 0) || (newkey_len <= 0) || (*kcstring_len <= 0) || (hashtype_len != USM_LENGTH_OID_TRANSFORM)) {
diff -rup net-snmp-5.4.2/snmplib/mib.c net-snmp-5.4.2.1/snmplib/mib.c
--- net-snmp-5.4.2/snmplib/mib.c 2008-09-24 03:26:31.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/mib.c 2008-09-24 05:59:56.000000000 -0600
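Review bot: The new `if (fp) fclose (fp);` at the end of get_user_passphrases is safe only if no earlier path closes `fp` without resetting it. The body between the declaration and this point is outside the hunk; if it already calls `fclose(fp)` on the normal path, this addition becomes a double close. Setting `fp = NULL;` after any earlier close, or removing that close in favour of this single exit-point cleanup, keeps it correct.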
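Review bot: The added early return in encode_keychange duplicates the `!kcstring || !kcstring_len` terms that the sanity check just below still evaluates, and short-circuit evaluation already keeps `*kcstring_len` from being read through a NULL pointer in that condition. The likely reason for returning directly is that the shared failure path, which is outside the hunk, writes through these pointers. Say so in a comment, e.g. `/* return directly: the common exit path uses kcstring and kcstring_len */`, and drop the two now-dead terms from the larger condition.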
@@ -3366,17 +3366,19 @@ sprint_realloc_value(u_char ** buf, size
 NETSNMP_DS_LIB_DONT_PRINT_UNITS)) {
 units = subtree->units;
 }
- if (subtree && subtree->printomat) {
+ if (subtree) {
+ if(subtree->printomat) {
 return (*subtree->printomat) (buf, buf_len, out_len, allow_realloc, variable, subtree->enums, subtree->hint, units);
- } else {
- return sprint_realloc_by_type(buf, buf_len, out_len,
- allow_realloc, variable,
- subtree->enums, subtree->hint,
- units);
- }
+ } else {
+ return sprint_realloc_by_type(buf, buf_len, out_len,
+ allow_realloc, variable,
+ subtree->enums, subtree->hint,
+ units);
+ }
+ }
 #else
 return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, variable,
diff -rup net-snmp-5.4.2/snmplib/parse.c net-snmp-5.4.2.1/snmplib/parse.c
--- net-snmp-5.4.2/snmplib/parse.c 2008-09-24 03:26:32.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/parse.c 2008-09-24 06:03:19.000000000 -0600
@@ -2952,6 +2952,9 @@ eat_syntax(FILE * fp, char *token, int m
 struct node *np = alloc_node(current_module);
 char nexttoken[MAXTOKEN];
+ if (!np)
+ return 0;
+
 type = get_token(fp, token, maxtoken);
 nexttype = get_token(fp, nexttoken, MAXTOKEN);
 switch (type) {
diff -rup net-snmp-5.4.2/snmplib/snmp_api.c net-snmp-5.4.2.1/snmplib/snmp_api.c
--- net-snmp-5.4.2/snmplib/snmp_api.c 2008-09-24 03:26:32.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/snmp_api.c 2008-09-24 08:42:53.000000000 -0600
@@ -1723,8 +1723,7 @@ create_user_from_session(netsnmp_session
 return SNMPERR_GENERR;
 }
 user->authKeyLen = session->securityAuthLocalKeyLen;
- } else if (session->securityAuthKey != NULL
- && session->securityAuthKeyLen != 0) {
+ } else if (session->securityAuthKeyLen != 0) {
 SNMP_FREE(user->authKey);
 user->authKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK);
 if (user->authKey == NULL) {
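Review bot: With the new nesting in sprint_realloc_value, a NULL `subtree` reaches no `return` in the branch before `#else`, so control falls through to whatever follows the conditional block. That code is outside the hunk; unless it returns a value, the function now runs off its end in exactly the case this change is meant to make safe. Add an explicit fallback, e.g. `} else { return sprint_realloc_by_type(buf, buf_len, out_len, allow_realloc, variable, NULL, NULL, NULL); }`. The context line `units = subtree->units;` also reads through `subtree` and its guard begins above the hunk, so confirm that it tests `subtree` as well.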
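Review bot: Dropping the `session->securityAuthKey != NULL` test in create_user_from_session (and the matching `securityPrivKey` test in the @@ -1768 hunk) preserves behaviour only if those members are arrays embedded in the session, in which case the comparison was always true. The declaration is not on this page; if either member is a pointer, a non-zero length with a NULL key now reaches the key-derivation code below the hunk. Once confirmed, record the invariant next to the condition, e.g. `/* securityAuthKey is an in-struct array; only the length signals absence */`.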
@@ -1768,8 +1767,7 @@ create_user_from_session(netsnmp_session
 return SNMPERR_GENERR;
 }
 user->privKeyLen = session->securityPrivLocalKeyLen;
- } else if (session->securityPrivKey != NULL
- && session->securityPrivKeyLen != 0) {
+ } else if (session->securityPrivKeyLen != 0) {
 SNMP_FREE(user->privKey);
 user->privKey = (u_char *) calloc(1, USM_LENGTH_KU_HASHBLOCK);
 if (user->privKey == NULL) {
diff -rup net-snmp-5.4.2/snmplib/snmpUDPIPv6Domain.c net-snmp-5.4.2.1/snmplib/snmpUDPIPv6Domain.c
--- net-snmp-5.4.2/snmplib/snmpUDPIPv6Domain.c 2008-09-24 03:26:32.000000000 -0600
+++ net-snmp-5.4.2.1/snmplib/snmpUDPIPv6Domain.c 2008-09-24 09:32:29.000000000 -0600
@@ -690,7 +690,11 @@ inet_make_mask_addr(int pf, void *dst, i
 mask |= maskbit;
 maskbit >>= 1;
 }
- (*(u_char *) (&((struct in6_addr *) dst)->s6_addr[j])) = mask;
+
+ if (j < sizeof (((struct in6_addr *) dst)->s6_addr)){
+ (*(u_char *) (&((struct in6_addr *) dst)->s6_addr[j])) = mask;
+ }
+
 break;
 default:
 return -1; /* unsupported protocol family */
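Review bot: The new bound in inet_make_mask_addr covers only the final partial-byte store at `s6_addr[j]`. The loop that advances `j` is above the hunk, and if it writes whole bytes for an over-long mask length it can still run past the 16-byte array before this check is reached. When the check fails the store is skipped silently and the function presumably still reports success. Validating the mask length once at the top of the IPv6 case and returning -1, as the `default:` case does, would cover both the loop and this store.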
@@ -1066,39 +1070,39 @@ netsnmp_udp6_parse_security(const char *
 * Deal with the network part first. */
 if ((strcmp(source, "default") == 0) || (strcmp(source, "::") == 0)) {
- strnetwork = strdup("0::0");
- strmask = strdup("0::0");
-
- inet_pton(AF_INET6, strnetwork, &net.sin6_addr);
- inet_pton(AF_INET6, strmask, &mask.sin6_addr);
-
- e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
- if (e == NULL) {
- config_perror("memory error");
- return;
- }
- /*
- * Everything is okay. Copy the parameters to the structure allocated
- * above and add it to END of the list.
- */
- if (strmask != NULL && strnetwork != NULL) {
- DEBUGMSGTL(("netsnmp_udp6_parse_security",
- "<\"%s\", %s/%s> => \"%s\"\n", community,
- strnetwork, strmask, secName));
- free(strmask);
- free(strnetwork);
- } else {
- DEBUGMSGTL(("netsnmp_udp6_parse_security",
- "Couldn't allocate enough memory\n"));
- }
- memmove_com2Sec6Entry(e, secName, community, net, mask, contextName);
- if (com2Sec6ListLast != NULL) {
- com2Sec6ListLast->next = e;
- com2Sec6ListLast = e;
- } else {
- com2Sec6ListLast = com2Sec6List = e;
- }
-
+ if ((strnetwork = strdup("0::0")) != NULL)
+ {
+ if ((strmask = strdup("0::0")) != NULL)
+ {
+
+ inet_pton(AF_INET6, strnetwork, &net.sin6_addr);
+ inet_pton(AF_INET6, strmask, &mask.sin6_addr);
+
+ e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
+ if (e != NULL) {
+ memmove_com2Sec6Entry(e, secName, community, net, mask, contextName);
+ if (com2Sec6ListLast != NULL) {
+ com2Sec6ListLast->next = e;
+ com2Sec6ListLast = e;
+ } else {
+ com2Sec6ListLast = com2Sec6List = e;
+ }
+ }
+ else {
+ config_perror ("memory error");
+ }
+ free (strmask);
+ }
+ else {
+ DEBUGMSGTL(("netsnmp_udp6_parse_security",
+ "Couldn't allocate enough memory\n"));
+ }
+ free (strnetwork);
+ }
+ else {
+ DEBUGMSGTL(("netsnmp_udp6_parse_security",
+ "Couldn't allocate enough memory\n"));
+ }
 } else {
 /* * Try interpreting as IPv6 address.
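Review bot: In the `"default"`/`"::"` branch of netsnmp_udp6_parse_security the two `strdup("0::0")` copies exist only to be handed to `inet_pton` and freed, and their failure paths now drop the com2sec entry with nothing more than a DEBUGMSGTL line, whereas the malloc failure calls `config_perror`. A community-to-security-name mapping that fails to load without a visible message is hard to diagnose. Passing the literal straight to `inet_pton` removes both failure paths and two levels of nesting. The rewrite also dropped the debug trace of the accepted entry, which can be kept by printing the literals.

```c
    if ((strcmp(source, "default") == 0) || (strcmp(source, "::") == 0)) {
        /* "0::0" is a literal: parse it directly, no heap copies to fail or free */
        inet_pton(AF_INET6, "0::0", &net.sin6_addr);
        inet_pton(AF_INET6, "0::0", &mask.sin6_addr);

        e = (com2Sec6Entry *) malloc(sizeof(com2Sec6Entry));
        if (e != NULL) {
            DEBUGMSGTL(("netsnmp_udp6_parse_security",
                        "<\"%s\", %s/%s> => \"%s\"\n", community,
                        "0::0", "0::0", secName));
            memmove_com2Sec6Entry(e, secName, community, net, mask, contextName);
            /* ... unchanged: append e to the com2Sec6List tail ... */
        } else {
            config_perror("memory error");
        }
```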