From aca4010a6bf36b2d30061dff12f52777b32d470c Mon Sep 17 00:00:00 2001
From: wangxp006
Date: Wed, 30 Sep 2020 11:20:18 +0800
Subject: [PATCH] fix CVE-2018-10932
---
CVE-2018-10932.patch | 54 ++++++++++++++++++++++++++++++++++++++++++++
lldpad.spec | 9 +++++++-
2 files changed, 62 insertions(+), 1 deletion(-)
create mode 100644 CVE-2018-10932.patch
diff --git a/CVE-2018-10932.patch b/CVE-2018-10932.patch
new file mode 100644
index 0000000..5747575
--- /dev/null
+++ b/CVE-2018-10932.patch
@@ -0,0 +1,54 @@
+From cf3f54d1883e5bc23e4c4006a63e1dde88684013 Mon Sep 17 00:00:00 2001
+From: Aaron Conole
+Date: Thu, 21 Jun 2018 13:28:48 -0400
+Subject: [PATCH] basman_clif: print the OID properly
+
+When invoking the lldp tool to view the management information, the display
+for the OID is printed as the actual binary bits, rather than the
+OID dotted-notation form.
+
+This change will display the OID as expected.
+
+reason:fix CVE-2018-10932
+
+https://github.com/intel/openlldp/pull/7/commits/cf3f54d1883e5bc23e4c4006a63e1dde88684013
+
+Signed-off-by: Aaron Conole
+---
+ lldp_basman_clif.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/lldp_basman_clif.c b/lldp_basman_clif.c
+index 7dba9d2..abd152d 100644
+--- a/lldp_basman_clif.c
++++ b/lldp_basman_clif.c
+@@ -272,8 +272,15 @@ void print_mng_addr(u16 len, char *info)
+ memset(buf, 0, sizeof(buf));
+ if (hexstr2bin(info+offset, (u8 *)&buf, oidlen))
+ printf("\tOID: Error parsing OID\n");
+- else
+- printf("\tOID: %s\n", buf);
++ else {
++ printf("\tOID: 0.");
++ for (i = 0; i < oidlen; ++i) {
++ printf("%d", buf[i]);
++ if (i != (oidlen - 1))
++ printf(".");
++ }
++ printf("\n");
++ }
+ } else if (oidlen > 128) {
+ printf("\tOID: Invalid length = %d\n", oidlen);
+ }
+@@ -310,3 +317,10 @@ u32 basman_lookup_tlv_name(char *tlvid_str)
+ }
+ return INVALID_TLVID;
+ }
++
++/* Local Variables: */
++/* c-indent-level: 8 */
++/* c-basic-offset: 8 */
++/* tab-width: 8 */
++/* indent-tabs-mode: t */
++/* End: */
+
diff --git a/lldpad.spec b/lldpad.spec
index a5ed959..11cbeeb 100644
--- a/lldpad.spec
+++ b/lldpad.spec
@@ -4,7 +4,7 @@ Name: lldpad Version: 1.0.1 -Release: 13 +Release: 14 Summary: Intel LLDP Agent License: GPLv2 URL: https://www.open-lldp.org 
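Review bot: In the `print_mng_addr` hunk of the embedded CVE-2018-10932.patch, the new loop prints each OID byte with `printf("%d", buf[i]);`, and the `(u8 *)&buf` cast on the context line suggests `buf` is a plain `char` array (its declaration is outside the hunk); if so, wherever `char` is signed any byte of 0x80 or above is shown as a negative number. I would write `printf("%u", (unsigned char)buf[i]);` so every byte renders as 0-255. The loop also deserves a short comment above it, for example `/* OID bytes appear to come from the TLV and are not trusted: print them as numbers, never with %s */`, because the patch description speaks only of display format and a later cleanup could restore the raw `%s`. The declarations of `i`, `buf` and `oidlen`, and any check that `info` holds at least `2 * oidlen` hex characters after `offset`, lie outside the hunk and should be confirmed in the full function.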
@@ -36,6 +36,7 @@ Patch24: open-lldp-v1.0.1-24-switch-from-sysv-to-posix-shared-memory-apis.pa Patch25: open-lldp-v1.0.1-25-l2_linux_packet-correctly-process-return-value-of-ge.patch Patch26: open-lldp-v1.0.1-26-lldpad-system-capability-incorrect-advertised-as-sta.patch Patch27: open-lldp-v1.0.1-27-fix-build-warnings.patch +Patch28: CVE-2018-10932.patch BuildRequires: automake autoconf libtool flex kernel-headers libconfig-devel BuildRequires: libnl3-devel readline-devel systemd git @@ -110,6 +111,12 @@ make check %{_mandir}/man*/* %changelog +* Wed Sep 30 2020 wangxiaopeng - 1.0.1-14 +- Type:CVE +- Id:CVE-2018-10932 +- SUG:NA +- DESC:fix CVE-2018-10932 + * Sat Oct 26 2019 openEuler Buildteam - 1.0.1-13 - Type:enhancement - Id:NA -- Gitee