1 files changed, 31 insertions, 0 deletions

diff --git a/main/strongswan/0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch b/main/strongswan/0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
new file mode 100644
index 0000000000..945f1da2b0
--- /dev/null
+++ b/main/strongswan/0101-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
@@ -0,0 +1,31 @@
+From e0e3b6d92b37ba6633a9cd7f0ed2bd3ce56fdcc0 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 16 Jul 2015 11:43:44 +0200
+Subject: [PATCH] kernel-netlink: Actually verify if the netlink message
+ exceeds the buffer size
+
+It might equal it and that's fine. With MSG_TRUNC we get the actual
+message size and can only report an error if we haven't received the
+complete message.
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+index b0e3103..809d0f4 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+@@ -185,8 +185,8 @@ static ssize_t read_msg(private_netlink_socket_t *this,
+ 			return -1;
+ 		}
+ 	}
+-	len = recv(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT);
+-	if (len == buflen)
++	len = recv(this->socket, buf, buflen, (block ? 0 : MSG_DONTWAIT)|MSG_TRUNC);
++	if (len > buflen)
+ 	{
+ 		DBG1(DBG_KNL, "netlink response exceeds buffer size");
+ 		return 0;
+-- 
+2.4.6
+