From: Arne Schwabe Date: Mon, 30 Jan 2023 17:29:32 +0000 (+0100) Subject: Fix unaligned access in auth-token X-Git-Tag: v2.7_alpha1~571 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f6ccff6d7ea806711f9af59c9de52b7cf80d9c81;p=thirdparty%2Fopenvpn.git Fix unaligned access in auth-token The undefined behaviour USAN clang checker found this. The optimiser of clang/gcc will optimise the memcpy away in the auth_token case and output excactly the same assembly on amd64/arm64 but it is still better to not rely on undefined behaviour. Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20230130172936.3444840-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26103.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index 7b963a9c5..e4486eb08 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -324,8 +324,14 @@ verify_auth_token(struct user_pass *up, struct tls_multi *multi, const uint8_t *tstamp_initial = sessid + AUTH_TOKEN_SESSION_ID_LEN; const uint8_t *tstamp = tstamp_initial + sizeof(int64_t); - uint64_t timestamp = ntohll(*((uint64_t *) (tstamp))); - uint64_t timestamp_initial = ntohll(*((uint64_t *) (tstamp_initial))); + /* tstamp, tstamp_initial might not be aligned to an uint64, use memcpy + * to avoid unaligned access */ + uint64_t timestamp = 0, timestamp_initial = 0; + memcpy(×tamp, tstamp, sizeof(uint64_t)); + timestamp = ntohll(timestamp); + + memcpy(×tamp_initial, tstamp_initial, sizeof(uint64_t)); + timestamp_initial = ntohll(timestamp_initial); hmac_ctx_t *ctx = multi->opt.auth_token_key.hmac; if (check_hmac_token(ctx, b64decoded, up->username))