Fix possible null pointer dereference (CVE-2015-5185)

sblim-sfcb-1.4.9-fix-null-deref.patch

@@ -0,0 +1,13 @@
+diff -up sblim-sfcb-1.4.9/providerMgr.c.orig sblim-sfcb-1.4.9/providerMgr.c
+--- sblim-sfcb-1.4.9/providerMgr.c.orig	2014-11-25 02:43:12.000000000 +0100
++++ sblim-sfcb-1.4.9/providerMgr.c	2015-08-24 11:57:18.945280460 +0200
+@@ -355,6 +355,9 @@ lookupProviders(long type, char *classNa
+ 
+   _SFCB_ENTER(TRACE_PROVIDERMGR, "lookupProviders");
+ 
++  if (className == NULL)
++    _SFCB_RETURN(NULL);
++
+   id = malloc(strlen(nameSpace) + strlen(className) + 8);
+   strcpy(id, nameSpace);
+   strcat(id, "|");

sblim-sfcb.spec

@@ -8,7 +8,7 @@ Name: sblim-sfcb
 Summary: Small Footprint CIM Broker
 URL: http://sblim.wiki.sourceforge.net/
 Version: 1.4.9
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: Applications/System
 License: EPL
 Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2
@@ -32,6 +32,8 @@ Patch4: sblim-sfcb-1.3.16-multilib-man-cfg.patch
 #   in openssl on Fedora, rhbz#1097794
 Patch5: sblim-sfcb-1.4.8-default-ecdh-curve-name.patch
 Patch6: sblim-sfcb-1.4.9-fix-ftbfs.patch
+# Patch7: fix possible null pointer dereference (CVE-2015-5185), rhbz#1255802
+Patch7: sblim-sfcb-1.4.9-fix-null-deref.patch
 Provides: cim-server = 0
 Requires: cim-schema
 Requires: sblim-sfcCommon
@@ -66,6 +68,7 @@ Programming Interface (CMPI).
 %patch4 -p1 -b .multilib-man-cfg
 %patch5 -p1 -b .default-ecdh-curve-name
 %patch6 -p1 -b .fix-ftbfs
+%patch7 -p1 -b .fix-null-deref
 
 %build
 %configure --enable-debug --enable-uds --enable-ssl --enable-pam --enable-ipv6 \
@@ -125,6 +128,10 @@ fi;
 %files -f _pkg_list
 
 %changelog
+* Mon Aug 24 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 1.4.9-4
+- Fix possible null pointer dereference (CVE-2015-5185)
+  Resolves: #1255587
+
 * Mon Jul 13 2015 Vitezslav Crhonek <vcrhonek@redhat.com> - 1.4.9-3
 - Fix sblim-sfcb FTBFS in rawhide
   Resolves: #1239986