From 2261523e56d6b2ed37f3ed376f343a1f5f0cd6a8 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 13 Mar 2018 18:54:08 +0100
Subject: [PATCH] stroke: Ensure a minimum message length

Also includes f44b1eb4447085cff350bcd89dbcd080347b91f8 to terminate the message strings.
---
 src/libcharon/plugins/stroke/stroke_socket.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index e2865a640e00..50a835f24aa3 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -573,15 +573,23 @@ static job_requeue_t process(stroke_job_context_t *ctx)
  strerror(errno));
  return job_processed(this);
  }
+ if (msg_length < offsetof(stroke_msg_t, buffer))
+ {
+ DBG1(DBG_CFG, "invalid stroke message length %d", msg_length);
+ return job_processed(this);
+ }
 
- /* read message */
- msg = alloca(msg_length);
+ /* read message (we need an additional byte to terminate the buffer) */
+ msg = alloca(msg_length + 1);
  bytes_read = recv(strokefd, msg, msg_length, 0);
  if (bytes_read != msg_length)
  {
  DBG1(DBG_CFG, "reading stroke message failed: %s", strerror(errno));
  return job_processed(this);
  }
+ /* make sure even incorrectly unterminated strings don't extend over the
+ * message boundaries */
+ ((char*)msg)[msg_length] = '\0';
 
  out = fdopen(strokefd, "w+");
  if (out == NULL)
-- 
2.7.4
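Review bot: The new length check in process() only sets a lower bound, so `alloca(msg_length + 1)` is still sized by a value that appears to come from the peer, with no upper limit. The declaration of msg_length is outside the hunk; if it is wider than 16 bits, a large value can exhaust the stack, and the `+ 1` could wrap at the type's maximum. Assuming stroke_msg_t is a fixed-size struct whose last member is `buffer`, the guard could reject oversized messages as well: `if (msg_length < offsetof(stroke_msg_t, buffer) || msg_length > sizeof(stroke_msg_t))`. process() begins and ends outside this hunk, so whether strokefd is released on the new early return cannot be confirmed from here.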