Change in osmo-ggsn[master]: fix unaligned access in build_ipcp_pco()

Tue, 17 Jul 2018 07:27:02 -0700 

Stefan Sperling has uploaded this change for review. ( 
https://gerrit.osmocom.org/10027


Change subject: fix unaligned access in build_ipcp_pco()
......................................................................

fix unaligned access in build_ipcp_pco()

Copy a struct ipcp_hdr to the stack, where it will be appropriately
aligned by the compiler, rather than accessing the data through a
potentially misaligned pointer.

Change-Id: Ifc1a2b623dee99ecf188df14a0808fe8219a98bf
Related: OS#3194
---
M ggsn/ggsn.c
1 file changed, 7 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/27/10027/1

diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 6d879c0..8e0e934 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -504,31 +504,33 @@
 {
        const struct in46_addr *dns1 = &apn->v4.cfg.dns[0];
        const struct in46_addr *dns2 = &apn->v4.cfg.dns[1];
-       struct ipcp_hdr *ipcp;
+       struct ipcp_hdr ipcp;
        uint8_t *len1, *len2, *pco_ipcp;
        uint8_t *start = msg->tail;
        unsigned int len_appended;

        if (!(pco_ipcp = pco_contains_proto(&pdp->pco_req, PCO_P_IPCP)))
                return 0;
-       ipcp = (struct ipcp_hdr*) (pco_ipcp + 3);  /* 2=type + 1=len */
+
+       /* Copy to stack avoids unaligned access on some platforms. */
+       memcpy(&ipcp, pco_ipcp + 3, sizeof(ipcp)); /* 2=type + 1=len */

        /* Three byte T16L header */
        msgb_put_u16(msg, 0x8021);      /* IPCP */
        len1 = msgb_put(msg, 1);        /* Length of contents: delay */

        msgb_put_u8(msg, 0x02);         /* ACK */
-       msgb_put_u8(msg, ipcp->id);     /* ID: Needs to match request */
+       msgb_put_u8(msg, ipcp.id);      /* ID: Needs to match request */
        msgb_put_u8(msg, 0x00);         /* Length MSB */
        len2 = msgb_put(msg, 1);        /* Length LSB: delay */

-       if (dns1->len == 4 && ipcp_contains_option(ipcp, IPCP_OPT_PRIMARY_DNS)) 
{
+       if (dns1->len == 4 && ipcp_contains_option(&ipcp, 
IPCP_OPT_PRIMARY_DNS)) {
                msgb_put_u8(msg, 0x81);         /* DNS1 Tag */
                msgb_put_u8(msg, 2 + dns1->len);/* DNS1 Length, incl. TL */
                msgb_put_u32(msg, ntohl(dns1->v4.s_addr));
        }

-       if (dns2->len == 4 && ipcp_contains_option(ipcp, 
IPCP_OPT_SECONDARY_DNS)) {
+       if (dns2->len == 4 && ipcp_contains_option(&ipcp, 
IPCP_OPT_SECONDARY_DNS)) {
                msgb_put_u8(msg, 0x83);         /* DNS2 Tag */
                msgb_put_u8(msg, 2 + dns2->len);/* DNS2 Length, incl. TL */
                msgb_put_u32(msg, ntohl(dns2->v4.s_addr));

--
To view, visit https://gerrit.osmocom.org/10027
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc1a2b623dee99ecf188df14a0808fe8219a98bf
Gerrit-Change-Number: 10027
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <[email protected]>

Reply via email to