Fixed check for member of stroke_msg_t in pop_string.
author Tobias Brunner <tobias@strongswan.org>
Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 13 Apr 2011 16:18:03 +0000 (18:18 +0200)

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).

src/libcharon/plugins/stroke/stroke_socket.c

index 18e7790..423322d 100644 (file)
@@ -122,7 +122,7 @@ static void pop_string(stroke_msg_t *msg, char **string)
 
        /* check for sanity of string pointer and string */
        if (string < (char**)msg ||
-               string > (char**)msg + sizeof(stroke_msg_t) ||
+               string > (char**)((char*)msg + sizeof(stroke_msg_t)) ||
                (unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg) ||
                (unsigned long)*string > msg->length)
        {
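
Review bot: the corrected upper bound on the `+` line still compares with `>` against the end of the struct, so a `string` that sits in the last `sizeof(char*) - 1` bytes of `*msg`, or exactly at `(char*)msg + sizeof(stroke_msg_t)`, passes this test and is then dereferenced as `*string` in the two comparisons that follow, which reads past the end of the message. Consider bounding the whole pointer slot rather than only its start address, for example `(char*)string + sizeof(char*) > (char*)msg + sizeof(stroke_msg_t)`. A short comment stating that the arithmetic is deliberately done in bytes would also help keep the `(char*)` cast from being dropped again.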