diff mbox series

[Openvpn-devel,S] Change in openvpn[master]: forward: Fix potential unaligned access in drop_if_recursive_routing

Message ID df8732f44bee2ab3bfdd408f6037d020795bd2d8-HTML@gerrit.openvpn.net
State Superseded
Headers show
Series [Openvpn-devel,S] Change in openvpn[master]: forward: Fix potential unaligned access in drop_if_recursive_routing | expand

Commit Message

ralf_lici (Code Review) Dec. 10, 2024, 11:44 a.m. UTC 
Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/827?usp=email

to review the following change.


Change subject: forward: Fix potential unaligned access in drop_if_recursive_routing
......................................................................

forward: Fix potential unaligned access in drop_if_recursive_routing

ASAN error:
forward.c:1433:13: runtime error: member access within
misaligned address 0x51e00002f52e for type
'const struct in6_addr', which requires 4 byte alignment

Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
---
M src/openvpn/forward.c
1 file changed, 7 insertions(+), 8 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/827/1
diff mbox series

Patch

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index d50b24c..4ba7448 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1390,8 +1390,6 @@ 
 
     if (proto_ver == 4)
     {
-        const struct openvpn_iphdr *pip;
-
         /* make sure we got whole IP header */
         if (BLEN(buf) < ((int) sizeof(struct openvpn_iphdr) + ip_hdr_offset))
         {
@@ -1404,18 +1402,17 @@ 
             return;
         }
 
-        pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset);
+        struct openvpn_iphdr pip;
+        memcpy(&pip, BPTR(buf) + ip_hdr_offset, sizeof(struct openvpn_iphdr));
 
         /* drop packets with same dest addr as gateway */
-        if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr)
+        if (tun_sa.addr.in4.sin_addr.s_addr == pip.daddr)
         {
             drop = true;
         }
     }
     else if (proto_ver == 6)
     {
-        const struct openvpn_ipv6hdr *pip6;
-
         /* make sure we got whole IPv6 header */
         if (BLEN(buf) < ((int) sizeof(struct openvpn_ipv6hdr) + ip_hdr_offset))
         {
@@ -1428,9 +1425,11 @@ 
             return;
         }
 
+        struct openvpn_ipv6hdr pip6;
+        memcpy(&pip6, BPTR(buf) + ip_hdr_offset, sizeof(struct openvpn_ipv6hdr));
+
         /* drop packets with same dest addr as gateway */
-        pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset);
-        if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr))
+        if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6.daddr))
         {
             drop = true;
         }