From 7af36109f6209f32b65174b2ac37d20458c5d6cf Mon Sep 17 00:00:00 2001
From: he <he@pkgsrc.org>
Date: Sun, 27 Apr 2014 12:10:55 +0000
Subject: Add a patch to fix CVS-2014-2015, a buffer overflow vulnerability.
 Patch taken from
 https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a

---
 net/freeradius2/Makefile                           |  4 ++--
 net/freeradius2/distinfo                           |  3 ++-
 .../patches/patch-src_modules_rlm__pap_rlm__pap.c  | 26 ++++++++++++++++++++++
 3 files changed, 30 insertions(+), 3 deletions(-)
 create mode 100644 net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c

diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index 8febd5817d0..4c7e75fda8c 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2014/02/12 23:18:20 tron Exp $
+# $NetBSD: Makefile,v 1.35 2014/04/27 12:10:55 he Exp $
 
 DISTNAME=	freeradius-server-${RADVER}
 PKGNAME=	${DISTNAME:S/-server//}
-PKGREVISION=	7
+PKGREVISION=	8
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/
 EXTRACT_SUFX=	.tar.bz2
diff --git a/net/freeradius2/distinfo b/net/freeradius2/distinfo
index 851bae7d13f..3a9f49c25f3 100644
--- a/net/freeradius2/distinfo
+++ b/net/freeradius2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2013/04/12 13:45:47 joerg Exp $
+$NetBSD: distinfo,v 1.16 2014/04/27 12:10:55 he Exp $
 
 SHA1 (freeradius-server-2.2.0.tar.bz2) = 8710b21972072241219f006d26f609cb58875cda
 RMD160 (freeradius-server-2.2.0.tar.bz2) = 243569a7ad93b292439e6938be8102dba12b843d
@@ -12,3 +12,4 @@ SHA1 (patch-aj) = 865882e6e6e935276529b98616c9059c555272b9
 SHA1 (patch-ak) = 751aba6a3f9716279f3a87871cf7008b7a921f9a
 SHA1 (patch-al) = 6d68e3e2d7dd50675f142be974b277da0f664c8b
 SHA1 (patch-man_man5_dictionary.5) = cc662beeb2351501c9761e4ce6fc8402c7907b30
+SHA1 (patch-src_modules_rlm__pap_rlm__pap.c) = 595c5dafb22d71fbcb00974e4fc56a1fd1e7c7c3
diff --git a/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c b/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c
new file mode 100644
index 00000000000..e464afa9f3a
--- /dev/null
+++ b/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_modules_rlm__pap_rlm__pap.c,v 1.1 2014/04/27 12:10:55 he Exp $
+
+Increase buffer size, and use output buffer size as limit for hex2bin.
+Should fix CVE-2014-2015, patch from
+https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a
+
+--- src/modules/rlm_pap/rlm_pap.c.orig	2012-09-10 11:51:34.000000000 +0000
++++ src/modules/rlm_pap/rlm_pap.c
+@@ -245,7 +245,7 @@ static int base64_decode (const char *sr
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+ 	size_t decoded;
+-	uint8_t buffer[64];
++	uint8_t buffer[256];
+ 
+ 	if (min_length >= sizeof(buffer)) return; /* paranoia */
+ 
+@@ -253,7 +253,7 @@ static void normify(REQUEST *request, VA
+ 	 *	Hex encoding.
+ 	 */
+ 	if (vp->length >= (2 * min_length)) {
+-		decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);
++		decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));
+ 		if (decoded == (vp->length >> 1)) {
+ 			RDEBUG2("Normalizing %s from hex encoding", vp->name);
+ 			memcpy(vp->vp_octets, buffer, decoded);
-- 
cgit v1.2.3