diff -Naur libreswan-3.25-orig/include/chunk.h libreswan-3.25/include/chunk.h

--- libreswan-3.25-orig/include/chunk.h	2018-06-27 11:42:26.000000000 -0400

+++ libreswan-3.25/include/chunk.h	2018-12-14 13:30:29.269684194 -0500

@@ -55,6 +55,9 @@

 chunk_t clone_chunk(chunk_t old, const char *name);

+/* always NUL terminated; NULL is NULL */

+char *clone_chunk_as_string(chunk_t chunk, const char *name);

+

 /* note: the caller must free the result */

 char *str_from_chunk(chunk_t c, const char *name);

diff -Naur libreswan-3.25-orig/lib/libswan/chunk.c libreswan-3.25/lib/libswan/chunk.c

--- libreswan-3.25-orig/lib/libswan/chunk.c	2018-06-27 11:42:26.000000000 -0400

+++ libreswan-3.25/lib/libswan/chunk.c	2018-12-14 13:29:24.077050581 -0500

@@ -49,3 +49,16 @@

 	s[c.len] = '\0';	/* redundant */

 	return s;

 }

+

+char *clone_chunk_as_string(chunk_t chunk, const char *name)

+{

+	if (chunk.ptr == NULL) {

+		return NULL;

+	} else if (chunk.len > 0 && chunk.ptr[chunk.len - 1] == '\0') {

+		return clone_bytes(chunk.ptr, chunk.len, name);

+	} else {

+		char *string = alloc_things(char, chunk.len + 1, name);

+		memcpy(string, chunk.ptr, chunk.len);

+		return string;

+	}

+}

diff -Naur libreswan-3.25-orig/programs/pluto/ikev1_xauth.c libreswan-3.25/programs/pluto/ikev1_xauth.c

--- libreswan-3.25-orig/programs/pluto/ikev1_xauth.c	2018-06-27 11:42:26.000000000 -0400

+++ libreswan-3.25/programs/pluto/ikev1_xauth.c	2018-12-14 13:29:24.078050590 -0500

@@ -1214,8 +1214,8 @@

 		return 0;

 #endif

-	char *arg_name = str_from_chunk(*name, "XAUTH Name");

-	char *arg_password = str_from_chunk(*password, "XAUTH Name");

+	char *arg_name = clone_chunk_as_string(*name, "XAUTH Name");

+	char *arg_password = clone_chunk_as_string(*password, "XAUTH Name");

 	/*

 	 * For XAUTH, we're flipping between retransmitting the packet