Change in osmo-ggsn[master]: fix unaligned access in build_ipcp_pco()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Stefan Sperling gerrit-no-reply at lists.osmocom.org
Tue Jul 17 14:26:47 UTC 2018


Stefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/10027


Change subject: fix unaligned access in build_ipcp_pco()
......................................................................

fix unaligned access in build_ipcp_pco()

Copy a struct ipcp_hdr to the stack, where it will be appropriately
aligned by the compiler, rather than accessing the data through a
potentially misaligned pointer.

Change-Id: Ifc1a2b623dee99ecf188df14a0808fe8219a98bf
Related: OS#3194
---
M ggsn/ggsn.c
1 file changed, 7 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/27/10027/1

diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 6d879c0..8e0e934 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -504,31 +504,33 @@
 {
 	const struct in46_addr *dns1 = &apn->v4.cfg.dns[0];
 	const struct in46_addr *dns2 = &apn->v4.cfg.dns[1];
-	struct ipcp_hdr *ipcp;
+	struct ipcp_hdr ipcp;
 	uint8_t *len1, *len2, *pco_ipcp;
 	uint8_t *start = msg->tail;
 	unsigned int len_appended;
 
 	if (!(pco_ipcp = pco_contains_proto(&pdp->pco_req, PCO_P_IPCP)))
 		return 0;
-	ipcp = (struct ipcp_hdr*) (pco_ipcp + 3);  /* 2=type + 1=len */
+
+	/* Copy to stack avoids unaligned access on some platforms. */
+	memcpy(&ipcp, pco_ipcp + 3, sizeof(ipcp)); /* 2=type + 1=len */
 
 	/* Three byte T16L header */
 	msgb_put_u16(msg, 0x8021);	/* IPCP */
 	len1 = msgb_put(msg, 1);	/* Length of contents: delay */
 
 	msgb_put_u8(msg, 0x02);		/* ACK */
-	msgb_put_u8(msg, ipcp->id);	/* ID: Needs to match request */
+	msgb_put_u8(msg, ipcp.id);	/* ID: Needs to match request */
 	msgb_put_u8(msg, 0x00);		/* Length MSB */
 	len2 = msgb_put(msg, 1);	/* Length LSB: delay */
 
-	if (dns1->len == 4 && ipcp_contains_option(ipcp, IPCP_OPT_PRIMARY_DNS)) {
+	if (dns1->len == 4 && ipcp_contains_option(&ipcp, IPCP_OPT_PRIMARY_DNS)) {
 		msgb_put_u8(msg, 0x81);		/* DNS1 Tag */
 		msgb_put_u8(msg, 2 + dns1->len);/* DNS1 Length, incl. TL */
 		msgb_put_u32(msg, ntohl(dns1->v4.s_addr));
 	}
 
-	if (dns2->len == 4 && ipcp_contains_option(ipcp, IPCP_OPT_SECONDARY_DNS)) {
+	if (dns2->len == 4 && ipcp_contains_option(&ipcp, IPCP_OPT_SECONDARY_DNS)) {
 		msgb_put_u8(msg, 0x83);		/* DNS2 Tag */
 		msgb_put_u8(msg, 2 + dns2->len);/* DNS2 Length, incl. TL */
 		msgb_put_u32(msg, ntohl(dns2->v4.s_addr));

-- 
To view, visit https://gerrit.osmocom.org/10027
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc1a2b623dee99ecf188df14a0808fe8219a98bf
Gerrit-Change-Number: 10027
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <ssperling at sysmocom.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20180717/6baae7c2/attachment.htm>


More information about the gerrit-log mailing list