stroke: Ensure a minimum message length
authorTobias Brunner <tobias@strongswan.org>
Tue, 13 Mar 2018 17:54:08 +0000 (18:54 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 19 Mar 2018 17:06:00 +0000 (18:06 +0100)
src/libcharon/plugins/stroke/stroke_socket.c

index c568440..1e7f210 100644 (file)
@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
                }
                return FALSE;
        }
+       if (len < offsetof(stroke_msg_t, buffer))
+       {
+               DBG1(DBG_CFG, "invalid stroke message length %d", len);
+               return FALSE;
+       }
 
        /* read message (we need an additional byte to terminate the buffer) */
        msg = malloc(len + 1);