Attention is currently required from: flichtenheld, its_Giaan, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1348?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
The change is no longer submittable: Code-Review and checks~ChecksSubmitRule
are unsatisfied now.
Change subject: mudp: fix unaligned 32-bit read when parsing peer ID
......................................................................
mudp: fix unaligned 32-bit read when parsing peer ID
The code previously read a 32-bit value from a uint8_t
buffer using a direct cast and dereference.
This can cause unaligned memory access and undefined
behavior on architectures that do not support unaligned
reads, potentially leading to a one-packet crash.
Fix this by read the bytes individually and combine
them manually.
Reported-By: Joshua Rogers <[email protected]>
Found-By: ZeroPath (https://zeropath.com)
Change-Id: Id0bb4c45d373437ab8dbaff7a311745f9b538cbf
Signed-off-by: Gianmarco De Gregori <[email protected]>
---
M src/openvpn/mudp.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/1348/2
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index b03e165..5de3af6 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -209,7 +209,7 @@
/* make sure buffer has enough length to read opcode (1 byte) and
peer-id (3 bytes) */
if (v2)
{
- uint32_t peer_id = ntohl(*(uint32_t *)ptr) & 0xFFFFFF;
+ uint32_t peer_id = ((uint32_t)ptr[1] << 16) | ((uint32_t)ptr[2] <<
8) | ((uint32_t)ptr[3]);
peer_id_disabled = (peer_id == MAX_PEER_ID);
if (!peer_id_disabled && (peer_id < m->max_clients) &&
(m->instances[peer_id]))
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1348?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Id0bb4c45d373437ab8dbaff7a311745f9b538cbf
Gerrit-Change-Number: 1348
Gerrit-PatchSet: 2
Gerrit-Owner: its_Giaan <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: cron2 <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: its_Giaan <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
