From cda231aadfb9f7e86474a91a37593e44d6f58ee6 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea@FreeBSD.org>
Date: Tue, 11 Sep 2012 13:03:52 +0400
Subject: [PATCH] net/freeradius2: fix CVE-2012-3547, remote code execution

Patch was taken from upstream
  https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4.diff

Security: http://www.vuxml.org/freebsd/3bbbe3aa-fbeb-11e1-8bd8-0022156e8794.html
Signed-off-by: Eygene Ryabinkin <rea@FreeBSD.org>
---
 net/freeradius2/Makefile                  |  2 +-
 net/freeradius2/files/patch-cve-2012-3547 | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 net/freeradius2/files/patch-cve-2012-3547

diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index f8433b5..e216ef8 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -9,7 +9,7 @@
 
 PORTNAME=	freeradius
 DISTVERSION=	2.1.12
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
 		ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
diff --git a/net/freeradius2/files/patch-cve-2012-3547 b/net/freeradius2/files/patch-cve-2012-3547
new file mode 100644
index 0000000..37e02a4
--- /dev/null
+++ b/net/freeradius2/files/patch-cve-2012-3547
@@ -0,0 +1,15 @@
+Taken-from: https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4.diff
+
+diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+index 8b31573..799ee8a 100644
+--- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
++++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+@@ -608,7 +608,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ 	 */
+ 	buf[0] = '\0';
+ 	asn_time = X509_get_notAfter(client_cert);
+-	if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
++	if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
+ 		memcpy(buf, (char*) asn_time->data, asn_time->length);
+ 		buf[asn_time->length] = '\0';
+ 		pairadd(&handler->certs,
-- 
1.7.11.3