From patchwork Tue Dec 10 11:44:34 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "ralf_lici (Code Review)"
X-Patchwork-Id: 3982
From: "flichtenheld (Code Review)"
X-Gerrit-PatchSet: 1
Date: Tue, 10 Dec 2024 11:44:34 +0000
To: plaisthos
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c
X-Gerrit-Change-Number: 827
X-Gerrit-Project: openvpn
X-Gerrit-Commit: c807bd87a9990b20efb967e07308fd559e2980d3
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
Subject: [Openvpn-devel] [S] Change in openvpn[master]: forward: Fix potential unaligned access in drop_if_recursive_routing
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net
Cc: openvpn-devel

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/827?usp=email

to review the following change.

Change subject: forward: Fix potential unaligned access in drop_if_recursive_routing
......................................................................

forward: Fix potential unaligned access in drop_if_recursive_routing ASAN error: forward.c:1433:13: runtime error: member access within misaligned address 0x51e00002f52e for type 'const struct in6_addr', which requires 4 byte alignment Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c Signed-off-by: Frank Lichtenheld --- M src/openvpn/forward.c 1 file changed, 7 insertions(+), 8 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/27/827/1 diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d50b24c..4ba7448 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1390,8 +1390,6 @@ if (proto_ver == 4) { - const struct openvpn_iphdr *pip; - /* make sure we got whole IP header */ if (BLEN(buf) < ((int) sizeof(struct openvpn_iphdr) + ip_hdr_offset)) { @@ -1404,18 +1402,17 @@ return; } - pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset); + struct openvpn_iphdr pip; + memcpy(&pip, BPTR(buf) + ip_hdr_offset, sizeof(struct openvpn_iphdr)); /* drop packets with same dest addr as gateway */ - if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr) + if (tun_sa.addr.in4.sin_addr.s_addr == pip.daddr) { drop = true; } } else if (proto_ver == 6) { - const struct openvpn_ipv6hdr *pip6; - /* make sure we got whole IPv6 header */ if (BLEN(buf) < ((int) sizeof(struct openvpn_ipv6hdr) + ip_hdr_offset)) { @@ -1428,9 +1425,11 @@ return; } + struct openvpn_ipv6hdr pip6; + memcpy(&pip6, BPTR(buf) + ip_hdr_offset, sizeof(struct openvpn_ipv6hdr)); + /* drop packets with same dest addr as gateway */ - pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset); - if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr)) + if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6.daddr)) { drop = true; }
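
Review bot: In the IPv4 hunk (@@ -1404), `memcpy(&pip, BPTR(buf) + ip_hdr_offset, sizeof(struct openvpn_iphdr));` takes its length from the type name rather than from the destination object; writing `sizeof(pip)` keeps the copy length tied to the variable being filled if its declaration ever changes. The commit message quotes only the `struct in6_addr` report at forward.c:1433, so it should also say whether the IPv4 branch is changed because of an observed fault or for consistency with the IPv6 branch.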
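
Review bot: In the IPv6 hunk (@@ -1428), the whole `struct openvpn_ipv6hdr` is copied onto the stack although only `daddr` is read afterwards in `IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6.daddr)`. Copying just that field into a local `struct in6_addr`, from `BPTR(buf) + ip_hdr_offset` plus `offsetof(struct openvpn_ipv6hdr, daddr)`, gives the same aligned operand with a smaller copy, and the `BLEN(buf)` check shown in the context lines already covers that range. If the full-header copy is kept, a short comment above the `memcpy` saying that it exists to avoid a misaligned access would stop a later cleanup from turning it back into a pointer cast.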