From 2e2a34181962b33d70c34c28dcb1e1977c2fd54e Mon Sep 17 00:00:00 2001 From: Gert Doering Date: Thu, 27 Aug 2015 15:00:02 +0200 Subject: Replace unaligned 16bit access to TCP MSS value with bytewise access TCP options are not always word-aligned, and accessing a 16bit value at an odd memory address will cause a "bus error" crash on some architectures, e.g. Linux/Sparc(64) Trac #497 Signed-off-by: Gert Doering Acked-by: Steffan Karger Message-Id: <1440680402-96548-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/10056 --- src/openvpn/mss.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c index 64fd722..7298c7b 100644 --- a/src/openvpn/mss.c +++ b/src/openvpn/mss.c @@ -129,7 +129,7 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss) { int hlen, olen, optlen; uint8_t *opt; - uint16_t *mss; + uint16_t mssval; int accumulate; struct openvpn_tcphdr *tc; @@ -159,14 +159,13 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss) if (*opt == OPENVPN_TCPOPT_MAXSEG) { if (optlen != OPENVPN_TCPOLEN_MAXSEG) continue; - mss = (uint16_t *)(opt + 2); - if (ntohs (*mss) > maxmss) { - dmsg (D_MSS, "MSS: %d -> %d", - (int) ntohs (*mss), - (int) maxmss); - accumulate = *mss; - *mss = htons (maxmss); - accumulate -= *mss; + mssval = (opt[2]<<8)+opt[3]; + if (mssval > maxmss) { + dmsg (D_MSS, "MSS: %d -> %d", (int) mssval, (int) maxmss); + accumulate = htons(mssval); + opt[2] = (maxmss>>8)&0xff; + opt[3] = maxmss&0xff; + accumulate -= htons(maxmss); ADJUST_CHECKSUM (accumulate, tc->check); } } -- cgit