New commits:
commit f490a1c54587654bd391295cc4a46b7793f94ff2
Author: D. Hugh Redelmeier <[email protected]>
Date: Thu Mar 4 16:00:22 2021 -0500
pluto: tighten up checking of representation of security labels
A security label must must have at least two bytes (a non-empty string).
In netlink_acquire()'s check, replace strlen with strnlen.
This eliminates a potential buffer overrun.
The strnlen test can detect two problems:
- label is not NUL-terminated
- label has an embedded NULL
The diagnostics messages now reflect this.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
