From 9e74a0952e27e3ac0055b0831919aaddfef1e1b5 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 5 Sep 2016 10:54:07 +0200
Subject: [PATCH] nm: Enforce min. length for PSKs in backend

---
 src/charon-nm/nm/nm_service.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 5991c24..c0c78ef 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -428,6 +428,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 		{
 			user = identification_create_from_string((char*)str);
 			str = nm_setting_vpn_get_secret(vpn, "password");
+			if (auth_class == AUTH_CLASS_PSK &&
+				strlen(str) < 20)
+			{
+				g_set_error(err, NM_VPN_PLUGIN_ERROR,
+							NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+							"pre-shared key is too short.");
+				gateway->destroy(gateway);
+				user->destroy(user);
+				return FALSE;
+			}
 			priv->creds->set_username_password(priv->creds, user, (char*)str);
 		}
 	}
-- 
1.9.1