New commits:
commit 923cba70f4604365807aedd70d89f1d5bee9187e
Author: Andrew Cagney <[email protected]>
Date: Mon Mar 1 19:08:48 2021 -0500
sec-label: fix leak when parsing IKEv2 TS security labels
Change struct traffic_selector's .sec_label to a shunk_t.
It alwas points into someone elses memory, for instance:
- in v2_parse_ts(), the struct pbs_in's packet
- in ikev2_end_to_ts(), the state's .st_{seen,acquired}_sec_label
- in ind_connection_for_clients(), the acquire's XFRM buffer
Also change se_label_match()'s first parameter to shunk_t so that it
matches .sec_label (and lets HUNK_AS_SHUNK() do its job).
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
