[Swan-commit] Changes to ref refs/heads/main
D. Hugh Redelmeier
hugh at vault.libreswan.fi
Thu Mar 4 21:11:29 UTC 2021
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Thu Mar 4 16:00:22 2021 -0500
pluto: tighten up checking of representation of security labels
A security label must must have at least two bytes (a non-empty string).
In netlink_acquire()'s check, replace strlen with strnlen.
This eliminates a potential buffer overrun.
The strnlen test can detect two problems:
- label is not NUL-terminated
- label has an embedded NULL
The diagnostics messages now reflect this.
More information about the Swan-commit