Friday, September 29, 2017

net-snmp client library use-after-free

Reported by a zabbix developer. I have asked for a test, but I think
this is likely to be correct; strdup is used in similar situations in
other net-snmp code. OK if testing is positive?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/net-snmp/Makefile,v
retrieving revision 1.94
diff -u -p -r1.94 Makefile
--- Makefile 12 Oct 2016 10:50:33 -0000 1.94
+++ Makefile 29 Sep 2017 14:55:23 -0000
@@ -4,7 +4,7 @@ COMMENT-main= extendable SNMP implementa
COMMENT-tkmib= graphical SNMP MIB browser

V= 5.7.3
-REVISION-main= 11
+REVISION-main= 12

DISTNAME= net-snmp-$V
MULTI_PACKAGES= -main -tkmib
Index: patches/patch-snmplib_snmp_api_c
===================================================================
RCS file: patches/patch-snmplib_snmp_api_c
diff -N patches/patch-snmplib_snmp_api_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-snmplib_snmp_api_c 29 Sep 2017 14:55:23 -0000
@@ -0,0 +1,32 @@
+$OpenBSD$
+
+https://support.zabbix.com/browse/ZBX-12726
+https://sourceforge.net/p/net-snmp/bugs/2803/
+
+Index: snmplib/snmp_api.c
+--- snmplib/snmp_api.c.orig
++++ snmplib/snmp_api.c
+@@ -1546,8 +1546,8 @@ _sess_open(netsnmp_session * in_session)
+
+ if (NULL != in_session->localname) {
+ clientaddr_save =
+- netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
+- NETSNMP_DS_LIB_CLIENT_ADDR);
++ strdup(netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,
++ NETSNMP_DS_LIB_CLIENT_ADDR));
+ netsnmp_ds_set_string(NETSNMP_DS_LIBRARY_ID,
+ NETSNMP_DS_LIB_CLIENT_ADDR,
+ in_session->localname);
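Review bot: the strdup() introduced at `++ strdup(netsnmp_ds_get_string(NETSNMP_DS_LIBRARY_ID,` is applied without a NULL check, yet the later `if (NULL != clientaddr_save)` shows the stored client address can be NULL, and strdup(NULL) is undefined behaviour (a crash on most libcs). Fetch the pointer first and copy only when it is non-NULL, e.g. `clientaddr_save = netsnmp_ds_get_string(...); if (clientaddr_save) clientaddr_save = strdup(clientaddr_save);`. A failed strdup() would then also leave clientaddr_save NULL and the previous client address would silently not be restored; that is tolerable but deserves a comment.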
+@@ -1565,9 +1565,11 @@ _sess_open(netsnmp_session * in_session)
+ NULL);
+ }
+
+- if (NULL != clientaddr_save)
++ if (NULL != clientaddr_save) {
+ netsnmp_ds_set_string(NETSNMP_DS_LIBRARY_ID,
+ NETSNMP_DS_LIB_CLIENT_ADDR, clientaddr_save);
++ free(clientaddr_save);
++ }
+ }
+
+ if (transport == NULL) {
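Review bot: the `++ free(clientaddr_save);` added here is only correct if netsnmp_ds_set_string() takes its own copy of the string rather than storing the pointer it is handed; the use-after-free being fixed implies exactly that (the set call with in_session->localname frees the previously stored string, which is what made the raw saved pointer dangle), so the two hunks are consistent with each other, but the assumption should be stated in the patch header next to the bug links. The test the submitter asked for should open a session with localname set while NETSNMP_DS_LIB_CLIENT_ADDR already holds a value, run under malloc checking (OpenBSD's malloc.conf J/F options or ASan) so both the original use-after-free and any double free would be caught.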
