author | Can Erkin Acar <canacar@cvs.openbsd.org> | 2005-08-03 21:50:22 +0000 |
---|---|---|
committer | Can Erkin Acar <canacar@cvs.openbsd.org> | 2005-08-03 21:50:22 +0000 |
commit | deda5c86201d24a0a799f7a16295b094a628440f (patch) | |
tree | cf6555f26802c749873a46db5fab70eb04974b01 | |
parent | 71b6dae1593d618be4530a9a9ecd8ac220c87fac (diff) |
prevent unaligned memory access when processing LCP echo packets,
making pppoe(4) work on sparc64. Fixes PR-4311
Reported and fix tested by David Coppa < dcoppa at gmail com >
-rw-r--r-- | sys/net/if_spppsubr.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index 99c23d68e13..62437471ab5 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_spppsubr.c,v 1.34 2005/06/08 06:55:33 henning Exp $ */ +/* $OpenBSD: if_spppsubr.c,v 1.35 2005/08/03 21:50:21 canacar Exp $ */ /* * Synchronous PPP/Cisco link level subroutines. * Keepalive protocol implemented in both Cisco and PPP modes. @@ -1269,6 +1269,7 @@ sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) int len = m->m_pkthdr.len; int rv; u_char *p; + u_long nmagic; if (len < 4) { if (debug) @@ -1554,14 +1555,23 @@ sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) SPP_ARGS(ifp), len); break; } - if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { + + nmagic = (u_long)p[0] << 24 | + (u_long)p[1] << 16 | p[2] << 8 | p[3]; + + if (nmagic == sp->lcp.magic) { /* Line loopback mode detected. */ printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); /* Shut down the PPP link. */ lcp.Close(sp); break; } - *(long*)(h+1) = htonl (sp->lcp.magic); + + p[0] = sp->lcp.magic >> 24; + p[1] = sp->lcp.magic >> 16; + p[2] = sp->lcp.magic >> 8; + p[3] = sp->lcp.magic; + if (debug) addlog(SPP_FMT "got lcp echo req, sending echo rep\n", SPP_ARGS(ifp)); @@ -1584,7 +1594,11 @@ sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) if (debug) addlog(SPP_FMT "lcp got echo rep\n", SPP_ARGS(ifp)); - if (ntohl (*(long*)(h+1)) != sp->lcp.magic) + + nmagic = (u_long)p[0] << 24 | + (u_long)p[1] << 16 | p[2] << 8 | p[3]; + + if (nmagic != sp->lcp.magic) sp->pp_alivecnt = 0; break; default: |
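Review bot: The byte-wise load and store added in the echo-request branch go through `p`, while the lines they replace addressed the field as `(h+1)`, and no assignment to `p` is visible in this hunk. The change is therefore only equivalent if `p` still equals `(u_char *)(h + 1)` when this case runs; sppp_cp_input begins and continues outside the hunk, so that has to be checked against the full function. A comment at the first use would record the assumption: `/* p points at the magic number after the LCP header; accessed bytewise because it may be unaligned */`. The echo-reply hunk depends on the same assumption.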
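Review bot: The four-byte read `nmagic = (u_long)p[0] << 24 | (u_long)p[1] << 16 | p[2] << 8 | p[3];` in the echo-reply branch relies on a length guard that is not visible in this hunk. The echo-request hunk shows what appears to be the tail of such a guard (`SPP_ARGS(ifp), len); break; }`) directly before its read, but the reply branch's context starts at the debug log, so confirm that packets shorter than the header plus four bytes are rejected before this line. The expression also duplicates the one in the request branch, with `p[2]` and `p[3]` left to integer promotion while `p[0]` and `p[1]` are cast; that is harmless at these shift widths but inconsistent. A small static helper taking `const u_char *` and returning the 32-bit value would keep the two peer-controlled reads identical.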