From 7ccb1e3198aa215bc83a5180a40a75b08ce42d3f Mon Sep 17 00:00:00 2001
From: Gert Doering <gert@greenie.muc.de>
Date: Tue, 25 Aug 2015 22:49:52 +0200
Subject: [PATCH] Replace unaligned 16bit access to TCP MSS value with bytewise
access
TCP options are not always word-aligned, and accessing a 16bit value
at an odd memory address will cause a "bus error" crash on some
architectures, e.g. Linux/Sparc(64)
Trac #497
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
src/openvpn/mss.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 64fd722..7298c7b 100644
|
a
|
b
|
mss_fixup_dowork (struct buffer *buf, uint16_t maxmss) |
| 129 | 129 | { |
| 130 | 130 | int hlen, olen, optlen; |
| 131 | 131 | uint8_t *opt; |
| 132 | | uint16_t *mss; |
| | 132 | uint16_t mssval; |
| 133 | 133 | int accumulate; |
| 134 | 134 | struct openvpn_tcphdr *tc; |
| 135 | 135 | |
| … |
… |
mss_fixup_dowork (struct buffer *buf, uint16_t maxmss) |
| 159 | 159 | if (*opt == OPENVPN_TCPOPT_MAXSEG) { |
| 160 | 160 | if (optlen != OPENVPN_TCPOLEN_MAXSEG) |
| 161 | 161 | continue; |
| 162 | | mss = (uint16_t *)(opt + 2); |
| 163 | | if (ntohs (*mss) > maxmss) { |
| 164 | | dmsg (D_MSS, "MSS: %d -> %d", |
| 165 | | (int) ntohs (*mss), |
| 166 | | (int) maxmss); |
| 167 | | accumulate = *mss; |
| 168 | | *mss = htons (maxmss); |
| 169 | | accumulate -= *mss; |
| | 162 | mssval = (opt[2]<<8)+opt[3]; |
| | 163 | if (mssval > maxmss) { |
| | 164 | dmsg (D_MSS, "MSS: %d -> %d", (int) mssval, (int) maxmss); |
| | 165 | accumulate = htons(mssval); |
| | 166 | opt[2] = (maxmss>>8)&0xff; |
| | 167 | opt[3] = maxmss&0xff; |
| | 168 | accumulate -= htons(maxmss); |
| 170 | 169 | ADJUST_CHECKSUM (accumulate, tc->check); |
| 171 | 170 | } |
| 172 | 171 | } |
