[Swan-commit] Changes to ref refs/heads/main

D. Hugh Redelmeier hugh at vault.libreswan.fi
Thu Mar 4 21:11:29 UTC 2021


New commits:
commit f490a1c54587654bd391295cc4a46b7793f94ff2
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Thu Mar 4 16:00:22 2021 -0500

    pluto: tighten up checking of representation of security labels
    
    A security label must must have at least two bytes (a non-empty string).
    
    In netlink_acquire()'s check, replace strlen with strnlen.
    This eliminates a potential buffer overrun.
    
    The strnlen test can detect two problems:
    - label is not NUL-terminated
    - label has an embedded NULL
    The diagnostics messages now reflect this.



More information about the Swan-commit mailing list