File freeradius-server-2.1.10-CVE-2012-3547.patch of Package freeradius-server.1216
Index: freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
===================================================================
--- freeradius-server-2.1.12.orig/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2011-09-30 16:12:07.000000000 +0200
+++ freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-08-30 16:14:46.047660669 +0200
@@ -531,7 +531,7 @@ static int cbtls_verify(int ok, X509_STO
*/
buf[0] = '\0';
asn_time = X509_get_notAfter(client_cert);
- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
buf[asn_time->length] = '\0';
pairadd(&handler->certs,
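Review bot: The new bound `asn_time->length < sizeof(buf)` compares the signed `length` field (an `int` in OpenSSL's ASN1_STRING) with a `size_t`, so a negative length is rejected only through the implicit conversion to unsigned. Writing the guard as `(asn_time->length >= 0) && ((size_t) asn_time->length < sizeof(buf))` makes the precondition of the `memcpy` and of the `buf[asn_time->length] = '\0'` write explicit, and keeps sign-compare warnings quiet. The check is also only correct if `buf` is a true array in `cbtls_verify` rather than a pointer; its declaration is outside this hunk, so confirm that and consider a comment such as `/* bound must track the declared size of buf, not MAX_STRING_LEN */`. If no else branch follows outside the hunk, an oversized notAfter field in a client certificate is skipped silently, and a log line on that path would make such certificates visible to operators. The function body starts and ends outside the hunk, so any other copies into `buf` in this function should be checked for the same bound.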