Replace unaligned 16bit access to TCP MSS value with bytewise access

TCP options are not always word-aligned, and accessing a 16bit value
at an odd memory address will cause a "bus error" crash on some
architectures, e.g. Linux/Sparc(64)

Trac #497

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1440680402-96548-1-git-send-email-gert@greenie.muc.de>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10056

diff --git a/src/openvpn/mss.c b/src/openvpn/mss.c
index 64fd722feba9ab3ef9bc088a738a749ae34e14e9..7298c7bb5db637b79ecfbcb103d8275730844934 100644 (file)
--- a/src/openvpn/mss.c
+++ b/src/openvpn/mss.c
@@ -129,7 +129,7 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
 {
   int hlen, olen, optlen;
   uint8_t *opt;
-  uint16_t *mss;
+  uint16_t mssval;
   int accumulate;
   struct openvpn_tcphdr *tc;
 
@@ -159,14 +159,13 @@ mss_fixup_dowork (struct buffer *buf, uint16_t maxmss)
       if (*opt == OPENVPN_TCPOPT_MAXSEG) {
         if (optlen != OPENVPN_TCPOLEN_MAXSEG)
           continue;
-        mss = (uint16_t *)(opt + 2);
-        if (ntohs (*mss) > maxmss) {
-          dmsg (D_MSS, "MSS: %d -> %d",
-               (int) ntohs (*mss),
-              (int) maxmss);
-          accumulate = *mss;
-          *mss = htons (maxmss);
-          accumulate -= *mss;
+       mssval = (opt[2]<<8)+opt[3];
+       if (mssval > maxmss) {
+         dmsg (D_MSS, "MSS: %d -> %d", (int) mssval, (int) maxmss);
+         accumulate = htons(mssval);
+         opt[2] = (maxmss>>8)&0xff;
+         opt[3] = maxmss&0xff;
+         accumulate -= htons(maxmss);
           ADJUST_CHECKSUM (accumulate, tc->check);
         }
       }