diff options
author | Arne Schwabe | 2023-01-30 18:29:32 +0100 |
---|---|---|
committer | Gert Doering | 2023-02-01 15:07:31 +0100 |
commit | 6241b2f8dbe39062a3273499a0259750d2f02cf8 (patch) | |
tree | 66ba08a3a97d86f917a5fb140411e39bcd57a693 /src/openvpn/auth_token.c | |
parent | 680ba43355f6d9e4dcdf6c6eb9ace09946dba8f3 (diff) | |
download | openvpn-6241b2f8dbe39062a3273499a0259750d2f02cf8.zip openvpn-6241b2f8dbe39062a3273499a0259750d2f02cf8.tar.gz |
Fix unaligned access in auth-token
The undefined behaviour USAN clang checker found this. The optimiser
of clang/gcc will optimise the memcpy away in the auth_token case and
output excactly the same assembly on amd64/arm64 but it is still better
to not rely on undefined behaviour.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230130172936.3444840-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26103.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f6ccff6d7ea806711f9af59c9de52b7cf80d9c81)
Diffstat (limited to 'src/openvpn/auth_token.c')
-rw-r--r-- | src/openvpn/auth_token.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 7b963a9..e4486eb 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -324,8 +324,14 @@ verify_auth_token(struct user_pass *up, struct tls_multi *multi, const uint8_t *tstamp_initial = sessid + AUTH_TOKEN_SESSION_ID_LEN; const uint8_t *tstamp = tstamp_initial + sizeof(int64_t); - uint64_t timestamp = ntohll(*((uint64_t *) (tstamp))); - uint64_t timestamp_initial = ntohll(*((uint64_t *) (tstamp_initial))); + /* tstamp, tstamp_initial might not be aligned to an uint64, use memcpy + * to avoid unaligned access */ + uint64_t timestamp = 0, timestamp_initial = 0; + memcpy(×tamp, tstamp, sizeof(uint64_t)); + timestamp = ntohll(timestamp); + + memcpy(×tamp_initial, tstamp_initial, sizeof(uint64_t)); + timestamp_initial = ntohll(timestamp_initial); hmac_ctx_t *ctx = multi->opt.auth_token_key.hmac; if (check_hmac_token(ctx, b64decoded, up->username)) |