From aee071ed8b4dc05b12d5eda2622a097dadbea1ea Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 13 Apr 2011 18:18:03 +0200
Subject: Fixed check for member of stroke_msg_t in pop_string.

Because of the cast to char** the length of the message was multiplied
by sizeof(char*), i.e. 4 or 8 bytes (depending on the architecture) instead
of by 1 (sizeof(char)).
---
 src/libcharon/plugins/stroke/stroke_socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/libcharon/plugins/stroke/stroke_socket.c')

diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 18e77905d..423322d91 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -122,7 +122,7 @@ static void pop_string(stroke_msg_t *msg, char **string)
 
 	/* check for sanity of string pointer and string */
 	if (string < (char**)msg ||
-		string > (char**)msg + sizeof(stroke_msg_t) ||
+		string > (char**)((char*)msg + sizeof(stroke_msg_t)) ||
 		(unsigned long)*string < (unsigned long)((char*)msg->buffer - (char*)msg) ||
 		(unsigned long)*string > msg->length)
 	{
-- 
cgit v1.2.3