]> git.proxmox.com Git - mirror_frr.git/commitdiff
projects / mirror_frr.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: edd8ece)
bgpd: fix unaligned access to addpath id
authorSantosh P K <sapk@vmware.com>
Tue, 7 Jan 2020 15:47:13 +0000 (07:47 -0800)
committerSantosh P K <sapk@vmware.com>
Tue, 7 Jan 2020 15:47:13 +0000 (07:47 -0800)
uint8_t * cannot be cast to uint32_t * unless the
pointed-to address is aligned according to uint32_t's
alignment rules. And it usually is not.

Signed-off-by: Santosh P K <sapk@vmware.com>
bgpd/bgp_evpn.c patch | blob | blame | history
bgpd/bgp_label.c patch | blob | blame | history
bgpd/bgp_mplsvpn.c patch | blob | blame | history
bgpd/bgp_route.c patch | blob | blame | history

diff --git a/bgpd/bgp_evpn.c b/bgpd/bgp_evpn.c
index b8798a7cedcc10f47a59f5f5fcfd62627a8ff329..79a8fae530a005e74d562543af73627c2dbba19f 100644 (file)
--- a/bgpd/bgp_evpn.c
+++ b/bgpd/bgp_evpn.c
@@ -5100,7 +5100,8 @@ int bgp_nlri_parse_evpn(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 
diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c
index 489ac6ea9f86d724e7191d556ad55184f5985a72..ff1ab1a37d9e3e5a0fa3f8204c0e90b115aae2a5 100644 (file)
--- a/bgpd/bgp_label.c
+++ b/bgpd/bgp_label.c
@@ -368,7 +368,8 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 
diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index 59ed433e581a0a1e841746d7eb73b790786754d1..86c04b71f07429b0eea345a2a913525fa8ab3ebf 100644 (file)
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -142,7 +142,8 @@ int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index b216f85c40c48e548210032030222c3f3b7e4697..5f4486b8004252115eed66fa33771999d78f33ca 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -4515,7 +4515,7 @@ int bgp_nlri_parse_ip(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN >= lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       memcpy(&addpath_id, pnt, 4);
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
                        addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
FRRouting mirror