From patchwork Wed Dec 11 17:13:48 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3986
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 11 Dec 2024 18:13:48 +0100
Message-ID: <20241211171349.8892-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v3] forward: Fix potential unaligned access in drop_if_recursive_routing

From: Frank Lichtenheld

ASAN error:
forward.c:1433:13: runtime error: member access within misaligned address 0x51e00002f52e for type 'const struct in6_addr', which requires 4 byte alignment

v2: Use memcmp instead of memcpy

Change-Id: I74a9eec4954f3f9d208792b6b34357571f76ae4c
Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/827 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d50b24c..2c72001 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -1390,8 +1390,6 @@ if (proto_ver == 4) { - const struct openvpn_iphdr *pip; - /* make sure we got whole IP header */ if (BLEN(buf) < ((int) sizeof(struct openvpn_iphdr) + ip_hdr_offset)) { @@ -1404,18 +1402,16 @@ return; } - pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset); + struct openvpn_iphdr *pip = (struct openvpn_iphdr *) (BPTR(buf) + ip_hdr_offset); /* drop packets with same dest addr as gateway */ - if (tun_sa.addr.in4.sin_addr.s_addr == pip->daddr) + if (memcmp(&tun_sa.addr.in4.sin_addr.s_addr, &pip->daddr, sizeof(pip->daddr)) == 0) { drop = true; } } else if (proto_ver == 6) { - const struct openvpn_ipv6hdr *pip6; - /* make sure we got whole IPv6 header */ if (BLEN(buf) < ((int) sizeof(struct openvpn_ipv6hdr) + ip_hdr_offset)) { @@ -1428,9 +1424,10 @@ return; } + struct openvpn_ipv6hdr *pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset); + /* drop packets with same dest addr as gateway */ - pip6 = (struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset); - if (IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr)) + if (OPENVPN_IN6_ARE_ADDR_EQUAL(&tun_sa.addr.in6.sin6_addr, &pip6->daddr)) { drop = true; } diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h index 7b94fbc..ac70134 100644 --- a/src/openvpn/proto.h +++ b/src/openvpn/proto.h 
@@ -83,6 +83,12 @@ #define SIZE_ETH_TO_8021Q_HDR (sizeof(struct openvpn_8021qhdr) \ - sizeof(struct openvpn_ethhdr)) +/** Version of IN6_ARE_ADDR_EQUAL that is guaranteed to work for + unaligned access. E.g. Linux uses 32bit compares which are + not safe if the struct is unaligned. */ +#define OPENVPN_IN6_ARE_ADDR_EQUAL(a, b) \ + (memcmp(a, b, sizeof(struct in6_addr)) == 0) + struct openvpn_iphdr { #define OPENVPN_IPH_GET_VER(v) (((v) >> 4) & 0x0F) #define OPENVPN_IPH_GET_LEN(v) (((v) & 0x0F) << 2)
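Review bot: In the IPv4 hunk of forward.c the new declaration `struct openvpn_iphdr *pip = ...` loses the `const` that the removed `const struct openvpn_iphdr *pip;` carried, and the same happens to `pip6` in the IPv6 hunk. Both pointers are only read in the visible code, so please keep them `const`. In the same hunk the memcmp length comes from `sizeof(pip->daddr)` while the first operand is `tun_sa.addr.in4.sin_addr.s_addr`; the comparison is only correct if both fields have the same size, so a static assertion on the two sizes, or a short comment saying so, would make that assumption explicit.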
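Review bot: In the IPv6 hunk of forward.c the cast `(struct openvpn_ipv6hdr *) (BPTR(buf) + ip_hdr_offset)` is kept and only moved into the declaration, so `pip6` still points at the same possibly misaligned address from the sanitizer report; what changed is the comparison. Whether `&pip6->daddr` is clean now depends on the alignment requirement of struct openvpn_ipv6hdr, which this diff does not show. Please say in the commit message that the sanitizer run is clean with this revision, and consider a comment at the cast noting that the header may sit at an unaligned offset in the buffer so that later code does not dereference its wider members directly.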
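Review bot: OPENVPN_IN6_ARE_ADDR_EQUAL in proto.h expands to memcmp, but the hunk adds no include, so every user of the macro depends on <string.h> having been pulled in before proto.h; please confirm that or add the include here. The macro takes its arguments as plain pointers of any type, so the doc comment should also state that both must point to at least sizeof(struct in6_addr) readable bytes. The IPv4 comparison in forward.c open-codes the same memcmp pattern; a matching helper next to this one would keep the two branches symmetric.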