Fix CVE-2012-3547. Found by Timo Warns

author Alan T. DeKok <aland@freeradius.org>

Mon, 10 Sep 2012 06:18:34 +0000 (08:18 +0200)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 10 Sep 2012 08:28:15 +0000 (10:28 +0200)
author Alan T. DeKok <aland@freeradius.org>
Mon, 10 Sep 2012 06:18:34 +0000 (08:18 +0200)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 10 Sep 2012 08:28:15 +0000 (10:28 +0200)
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

index 8b31573..799ee8a 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -608,7 +608,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
          */
         buf[0] = '\0';
         asn_time = X509_get_notAfter(client_cert);
-       if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
+       if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
                 memcpy(buf, (char*) asn_time->data, asn_time->length);
                 buf[asn_time->length] = '\0';
                 pairadd(&handler->certs,
author	Alan T. DeKok <aland@freeradius.org>
	Mon, 10 Sep 2012 06:18:34 +0000 (08:18 +0200)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 10 Sep 2012 08:28:15 +0000 (10:28 +0200)