From 43e56fc55593f3f7d14f73017d3b362839d167e2 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 25 Jan 2010 23:59:03 +0100 Subject: Fix other memory alignment issues Similar to George McCollister's patch to the pam code, this patch fixes other places in the code where we forced data into 32-bit alignment. Fixes: #390 --- server/providers/ldap/ldap_child.c | 13 ++++++++----- server/providers/ldap/sdap_child_helpers.c | 21 ++++++++++++--------- 2 files changed, 20 insertions(+), 14 deletions(-) (limited to 'server/providers/ldap') diff --git a/server/providers/ldap/ldap_child.c b/server/providers/ldap/ldap_child.c index a17bcad07..448a9cc6a 100644 --- a/server/providers/ldap/ldap_child.c +++ b/server/providers/ldap/ldap_child.c @@ -54,7 +54,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, DEBUG(1, ("Error: buffer too big!\n")); return EINVAL; } - len = ((uint32_t *)(buf + p))[0]; + memcpy(&len, buf + p, sizeof(uint32_t)); p += sizeof(uint32_t); DEBUG(7, ("realm_str size: %d\n", len)); @@ -68,7 +68,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, /* princ_str size and length */ if ((p + sizeof(uint32_t)) > size) return EINVAL; - len = ((uint32_t *)(buf + p))[0]; + memcpy(&len, buf + p, sizeof(uint32_t)); p += sizeof(uint32_t); DEBUG(7, ("princ_str size: %d\n", len)); @@ -82,7 +82,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, /* keytab_name size and length */ if ((p + sizeof(uint32_t)) > size) return EINVAL; - len = ((uint32_t *)(buf + p))[0]; + memcpy(&len, buf + p, sizeof(uint32_t)); p += sizeof(uint32_t); DEBUG(7, ("keytab_name size: %d\n", len)); @@ -101,16 +101,19 @@ static int pack_buffer(struct response *r, int result, const char *msg) { int len; int p = 0; + uint32_t c; len = strlen(msg); r->size = 2 * sizeof(uint32_t) + len; /* result */ - ((uint32_t *)(&r->buf[p]))[0] = result; + c = result; + memcpy(&r->buf[p], &c, sizeof(uint32_t)); p += sizeof(uint32_t); /* message size */ - ((uint32_t *)(&r->buf[p]))[0] = len; + c = len; + memcpy(&r->buf[p], &c, sizeof(uint32_t)); p += sizeof(uint32_t); /* message itself */ diff --git a/server/providers/ldap/sdap_child_helpers.c b/server/providers/ldap/sdap_child_helpers.c index 862dacf9e..7f743d7fa 100644 --- a/server/providers/ldap/sdap_child_helpers.c +++ b/server/providers/ldap/sdap_child_helpers.c @@ -168,36 +168,39 @@ static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx, /* realm */ if (realm_str) { len = strlen(realm_str); - ((uint32_t *)(&buf->data[rp]))[0] = len; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); memcpy(&buf->data[rp], realm_str, len); rp += len; } else { - ((uint32_t *)(&buf->data[rp]))[0] = 0; + len = 0; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); } /* principal */ if (princ_str) { len = strlen(princ_str); - ((uint32_t *)(&buf->data[rp]))[0] = len; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); memcpy(&buf->data[rp], princ_str, len); rp += len; } else { - ((uint32_t *)(&buf->data[rp]))[0] = 0; + len = 0; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); } /* keytab */ if (keytab_name) { len = strlen(keytab_name); - ((uint32_t *)(&buf->data[rp]))[0] = len; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); memcpy(&buf->data[rp], keytab_name, len); rp += len; } else { - ((uint32_t *)(&buf->data[rp]))[0] = 0; + len = 0; + memcpy(&buf->data[rp], &len, sizeof(uint32_t)); rp += sizeof(uint32_t); } @@ -214,14 +217,14 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, uint32_t res; char *ccn; - /* operatoin result code */ + /* operation result code */ if ((p + sizeof(uint32_t)) > size) return EINVAL; - res = *((uint32_t *)(buf + p)); + memcpy(&res, buf + p, sizeof(uint32_t)); p += sizeof(uint32_t); /* ccache name size */ if ((p + sizeof(uint32_t)) > size) return EINVAL; - len = *((uint32_t *)(buf + p)); + memcpy(&len, buf + p, sizeof(uint32_t)); p += sizeof(uint32_t); if ((p + len ) > size) return EINVAL; -- cgit