Fix out-of-order string operations resulting in a wrongly calculated

string size that could lead to a buffer overflow in ikev2_print_id().

Found by and fix from dropk1ck on github (issue #90)
ok patrick@ mbuhl@

diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index ab213a8..43de692 100644 (file)
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ikev2.c,v 1.355 2022/10/24 15:52:39 tobhe Exp $       */
+/*     $OpenBSD: ikev2.c,v 1.356 2022/11/06 11:11:47 tobhe Exp $       */
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -6921,8 +6921,8 @@ ikev2_print_id(struct iked_id *id, char *idstr, size_t idstrlen)
            strlcat(idstr, "/", idstrlen) >= idstrlen)
                return (-1);
 
-       idstr += strlen(idstr);
        idstrlen -= strlen(idstr);
+       idstr += strlen(idstr);
 
        switch (id->id_type) {
        case IKEV2_ID_IPV4: