summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGert Doering <gert@greenie.muc.de>2015-08-27 15:00:02 +0200
committerGert Doering <gert@greenie.muc.de>2015-09-21 21:29:01 +0200
commit2e2a34181962b33d70c34c28dcb1e1977c2fd54e (patch)
tree712ad3233409309b33cbaa3299c43a6a15fd797e
parent767e4c56becbfeea525e4695a810593f373883cd (diff)
downloadopenvpn-2e2a34181962b33d70c34c28dcb1e1977c2fd54e.zip
openvpn-2e2a34181962b33d70c34c28dcb1e1977c2fd54e.tar.gz
openvpn-2e2a34181962b33d70c34c28dcb1e1977c2fd54e.tar.xz
Replace unaligned 16bit access to TCP MSS value with bytewise access
TCP options are not always word-aligned, and accessing a 16bit value at an odd memory address will cause a "bus error" crash on some architectures, e.g. Linux/Sparc(64) Trac #497 Signed-off-by: Gert Doering <gert@greenie.muc.de> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1440680402-96548-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10056
-rw-r--r--src/openvpn/mss.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 64fd722..7298c7b 100644
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -129,7 +129,7 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
{
int hlen, olen, optlen;
uint8_t *opt;
- uint16_t *mss;
+ uint16_t mssval;
int accumulate;
struct openvpn_tcphdr *tc;
@@ -159,14 +159,13 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
if (*opt == OPENVPN_TCPOPT_MAXSEG) {
if (optlen != OPENVPN_TCPOLEN_MAXSEG)
continue;
- mss = (uint16_t *)(opt + 2);
- if (ntohs (*mss) > maxmss) {
- dmsg (D_MSS, "MSS: %d -> %d",
- (int) ntohs (*mss),
- (int) maxmss);
- accumulate = *mss;
- *mss = htons (maxmss);
- accumulate -= *mss;
+ mssval = (opt[2]<<8)+opt[3];
+ if (mssval > maxmss) {
+ dmsg (D_MSS, "MSS: %d -> %d", (int) mssval, (int) maxmss);
+ accumulate = htons(mssval);
+ opt[2] = (maxmss>>8)&0xff;
+ opt[3] = maxmss&0xff;
+ accumulate -= htons(maxmss);
ADJUST_CHECKSUM (accumulate, tc->check);
}
}