From: Alan T. DeKok Date: Mon, 10 Sep 2012 06:18:34 +0000 (+0200) Subject: Fix CVE-2012-3547. Found by Timo Warns X-Git-Tag: release_2_2_0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4;p=thirdparty%2Ffreeradius-server.git Fix CVE-2012-3547. Found by Timo Warns
---
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index 8b315735461..799ee8a8762 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -608,7 +608,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 */
 buf[0] = '\0';
 asn_time = X509_get_notAfter(client_cert);
- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
 memcpy(buf, (char*) asn_time->data, asn_time->length);
 buf[asn_time->length] = '\0';
 pairadd(&handler->certs,
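Review bot: The new bound `asn_time->length < sizeof(buf)` on the `if` line compares a signed length with a `size_t`, so rejecting a negative length depends on implicit conversion, and it is only a real bound if `buf` is an array declared inside `cbtls_verify` rather than a pointer (the declaration, like the rest of the function body, is outside this hunk). I would spell both out: `if ((lookup <= 1) && asn_time && (asn_time->length >= 0) && ((size_t) asn_time->length < sizeof(buf))) {`, preceded by a comment such as `/* bound by the real size of buf, not MAX_STRING_LEN: notAfter comes from the peer's certificate */`. When the check fails, the expiry value is skipped without any trace; a log line on that path would give operators a signal that a client presented a certificate with an over-long notAfter field. Any other copies into `buf` in this function are not visible here and presumably deserve the same `sizeof(buf)` bound.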