Change in osmo-ggsn[master]: fix unaligned access in build_ipcp_pco()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Stefan Sperling gerrit-no-reply at lists.osmocom.org
Tue Jul 17 15:02:15 UTC 2018


Stefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/10028


Change subject: fix unaligned access in build_ipcp_pco()
......................................................................

fix unaligned access in build_ipcp_pco()

Include PDP Protocol Configuration Options header bytes (2 type, 1 length)
in our struct ipcp_hdr definition, and rename this struct accordingly.
This should allow the compiler to produce properly aligned accesses.

The previous code caused an unaligned access on some platforms because
PDP options are two-byte aligned in the received packet, and the IPCP
data we want to read starts at an offset of 3 bytes into the packet.

Change-Id: Ia75ee0f64e660f6ff6d81d808f9c460b7cac93d2
Related: OS#3194
---
M ggsn/ggsn.c
1 file changed, 8 insertions(+), 6 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/28/10028/1

diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 6d879c0..6a0c1b5 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -405,7 +405,9 @@
 	uint8_t data[0];
 } __attribute__ ((packed));
 
-struct ipcp_hdr {
+struct pco_ipcp_hdr {
+	uint16_t pco_type;
+	uint8_t pco_len;
 	uint8_t code;
 	uint8_t id;
 	uint16_t len;
@@ -413,7 +415,7 @@
 } __attribute__ ((packed));
 
 /* determine if IPCP contains given option */
-static struct ipcp_option_hdr *ipcp_contains_option(struct ipcp_hdr *ipcp, enum ipcp_options opt)
+static struct ipcp_option_hdr *ipcp_contains_option(struct pco_ipcp_hdr *ipcp, enum ipcp_options opt)
 {
 	uint8_t *cur = ipcp->options;
 
@@ -504,14 +506,14 @@
 {
 	const struct in46_addr *dns1 = &apn->v4.cfg.dns[0];
 	const struct in46_addr *dns2 = &apn->v4.cfg.dns[1];
-	struct ipcp_hdr *ipcp;
-	uint8_t *len1, *len2, *pco_ipcp;
+	struct pco_ipcp_hdr *ipcp;
+	uint8_t *len1, *len2;
 	uint8_t *start = msg->tail;
 	unsigned int len_appended;
 
-	if (!(pco_ipcp = pco_contains_proto(&pdp->pco_req, PCO_P_IPCP)))
+	ipcp = (struct pco_ipcp_hdr *)pco_contains_proto(&pdp->pco_req, PCO_P_IPCP);
+	if (ipcp == NULL)
 		return 0;
-	ipcp = (struct ipcp_hdr*) (pco_ipcp + 3);  /* 2=type + 1=len */
 
 	/* Three byte T16L header */
 	msgb_put_u16(msg, 0x8021);	/* IPCP */

-- 
To view, visit https://gerrit.osmocom.org/10028
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia75ee0f64e660f6ff6d81d808f9c460b7cac93d2
Gerrit-Change-Number: 10028
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180717/9143b268/attachment.htm>


More information about the gerrit-log mailing list