strongswan/strongswan-5.6.2-CVE-2018-5388.patch
2019-03-15 18:07:26 +03:00

15 lines
641 B
Diff

diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c 2017-11-09 10:57:30.000000000 -0500
+++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c 2018-05-24 00:00:32.382953618 -0400
@@ -628,6 +628,11 @@
return FALSE;
}
+ if (len < offsetof(stroke_msg_t, buffer))
+ {
+ DBG1(DBG_CFG, "invalid stroke message length %d", len);
+ return FALSE;
+ }
/* read message (we need an additional byte to terminate the buffer) */
msg = malloc(len + 1);
msg->length = len;