rta->rta_len is NOT the payload data length, use RTA_PAYLOAD(rta) instead!
authorMartin Willi <martin@strongswan.org>
Fri, 14 Nov 2008 10:30:26 +0000 (10:30 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 14 Nov 2008 10:30:26 +0000 (10:30 -0000)
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c

index aa4dea9..fbcd676 100644 (file)
@@ -1146,9 +1146,10 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
        rtasize = XFRM_PAYLOAD(out, struct xfrm_aevent_id);
        while(RTA_OK(rta, rtasize))
        {
-               if (rta->rta_type == XFRMA_REPLAY_VAL)
+               if (rta->rta_type == XFRMA_REPLAY_VAL &&
+                       RTA_PAYLOAD(rta) == sizeof(struct xfrm_replay_state))
                {
-                       memcpy(replay, RTA_DATA(rta), rta->rta_len);
+                       memcpy(replay, RTA_DATA(rta), RTA_PAYLOAD(rta));
                        free(out);
                        return SUCCESS;
                }
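Review bot: The `memcpy` length on the new side is still taken from the netlink attribute rather than from the destination, so the write is bounded only by the equality test in the `if` condition above it; `memcpy(replay, RTA_DATA(rta), sizeof(struct xfrm_replay_state));` would keep the copy bounded even if that condition is later relaxed. This assumes `replay` points to a `struct xfrm_replay_state`, which the hunk does not show. An `XFRMA_REPLAY_VAL` attribute with an unexpected payload size is now skipped silently, so a comment such as `/* rta_len includes the rtattr header; accept only an exact-size payload */` and a debug log on the mismatch would help when diagnosing a failed lookup. get_replay_state starts and ends outside the hunk, so the loop advance and the failure return are not visible here.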