Attention is currently required from: cron2, plaisthos.
Hello cron2, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/827?usp=email
to look at the new patch set (#3).
Change subject: forward: Fix potential unaligned access in
drop_if_recursive_routing
......................................................................
forward: Fix potential unaligned access in drop_if_recursive_routing
ASAN error:
forward.c:1433:13: runtime error: member access within
misaligned address 0x51e00002f52e for type
'const struct in6_addr', which requires 4 byte alignment
v2: Use memcmp instead of memcpy
Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
M src/openvpn/forward.c
M src/openvpn/proto.h
2 files changed, 11 insertions(+), 8 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/827/3
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index d50b24c..2c72001 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1390,8 +1390,6 @@
if (proto_ver == 4)
{
- const struct openvpn_iphdr *pip;
-
/* make sure we got whole IP header */
if (BLEN(buf) < ((int) sizeof(struct openvpn_iphdr) + ip_hdr_offset))
{
@@ -1404,18 +1402,16 @@
return;
}
- pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset);
+ struct openvpn_iphdr *pip = (struct openvpn_iphdr *) (BPTR(buf) +
ip_hdr_offset);
/* drop packets with same dest addr as gateway */
- if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr)
+ if (memcmp(&tun_sa.addr.in4.sin_addr.s_addr, &pip->daddr,
sizeof(pip->daddr)) == 0)
{
drop = true;
}
}
else if (proto_ver == 6)
{
- const struct openvpn_ipv6hdr *pip6;
-
/* make sure we got whole IPv6 header */
if (BLEN(buf) < ((int) sizeof(struct openvpn_ipv6hdr) + ip_hdr_offset))
{
@@ -1428,9 +1424,10 @@
return;
}
+ struct openvpn_ipv6hdr *pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) +
ip_hdr_offset);
+
/* drop packets with same dest addr as gateway */
- pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset);
- if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr))
+ if (OPENVPN_IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr,
&pip6->daddr))
{
drop = true;
}
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
index 7b94fbc..ac70134 100644
--- a/src/openvpn/proto.h
+++ b/src/openvpn/proto.h
@@ -83,6 +83,12 @@
#define SIZE_ETH_TO_8021Q_HDR (sizeof(struct openvpn_8021qhdr) \
- sizeof(struct openvpn_ethhdr))
+/** Version of IN6_ARE_ADDR_EQUAL that is guaranteed to work for
+ unaligned access. E.g. Linux uses 32bit compares which are
+ not safe if the struct is unaligned. */
+#define OPENVPN_IN6_ARE_ADDR_EQUAL(a, b) \
+ (memcmp(a, b, sizeof(struct in6_addr)) == 0)
+
struct openvpn_iphdr {
#define OPENVPN_IPH_GET_VER(v) (((v) >> 4) & 0x0F)
#define OPENVPN_IPH_GET_LEN(v) (((v) & 0x0F) << 2)
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/827?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c
Gerrit-Change-Number: 827
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: cron2 <g...@greenie.muc.de>
Gerrit-MessageType: newpatchset
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
