cron2 has uploaded a new patch set (#4) to the change originally created by its_Giaan. ( http://gerrit.openvpn.net/c/openvpn/+/1348?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: mudp: fix unaligned 32-bit read when parsing peer ID ...................................................................... mudp: fix unaligned 32-bit read when parsing peer ID The code previously read a 32-bit value from a uint8_t buffer using a direct cast and dereference. This can cause unaligned memory access and undefined behavior on architectures that do not support unaligned reads, potentially leading to a one-packet crash. Fix this by reading the bytes individually and combining them manually. Reported-By: Joshua Rogers <[email protected]> Found-By: ZeroPath (https://zeropath.com) Change-Id: Id0bb4c45d373437ab8dbaff7a311745f9b538cbf Signed-off-by: Gianmarco De Gregori <[email protected]> Acked-by: Gert Doering <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1348 Message-Id: <[email protected]> Signed-off-by: Gert Doering <[email protected]> --- M src/openvpn/mudp.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/48/1348/4 diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index b03e165..5de3af6 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -209,7 +209,7 @@ /* make sure buffer has enough length to read opcode (1 byte) and peer-id (3 bytes) */ if (v2) { - uint32_t peer_id = ntohl(*(uint32_t *)ptr) & 0xFFFFFF; + uint32_t peer_id = ((uint32_t)ptr[1] << 16) | ((uint32_t)ptr[2] << 8) | ((uint32_t)ptr[3]); peer_id_disabled = (peer_id == MAX_PEER_ID); if (!peer_id_disabled && (peer_id < m->max_clients) && (m->instances[peer_id])) -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1348?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id0bb4c45d373437ab8dbaff7a311745f9b538cbf Gerrit-Change-Number: 1348 Gerrit-PatchSet: 4 Gerrit-Owner: its_Giaan <[email protected]> Gerrit-Reviewer: cron2 <[email protected]> Gerrit-Reviewer: flichtenheld <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
