Hosting Provided By

sparc/2918: Alignment problem in ppp when using 'enable lqr'.

From: <fanch(at)enki.dyndns.org>
Date: Sat Sep 14 2002 - 10:36:23 EDT

>Number: 2918
>Category: sparc
>Synopsis: Alignment problem in ppp when using 'enable lqr'.
>Confidential: no
net
>Environment:

	System      : OpenBSD 3.1
	Architecture: OpenBSD.sparc
	Machine     : sparcstation 1+

>Description:

	When using 'enable lqr' in /etc/ppp/ppp.conf, ppp sigbus.

>How-To-Repeat:

	See above.

>Fix:

	In lcp.conf, when handling the TY_QUALPROTO (line 929 in current) in

LcpDecodeConfig(), access to cp are not protected against alignment problems. I corrected the problem in my lcp.c (3.1 patch branch) by using 2 intermediate variables (sorry for my English, I'm French), diff follows :

lcp.c.ori Sat Sep 14 16:21:59 2002 +++ lcp.c Sat Sep 14 16:26:42 2002 @@ -80,14 +80,6 @@ #include "ncp.h" #include "bundle.h"

-/* for received LQRs */
-struct lqrreq {
-  u_char type;
-  u_char length;
-  u_short proto;		/* Quality protocol */
-  u_int32_t period;		/* Reporting interval */
-};
-

static int LcpLayerUp(struct fsm *);
static void LcpLayerDown(struct fsm *); static void LcpLayerStart(struct fsm *); @@ -621,9 +613,8 @@

   /* Deal with incoming PROTO_LCP */
   struct lcp *lcp = fsm2lcp(fp);
   int type, length, sz, pos, op, callback_req;

-  u_int32_t magic, accmap;
+  u_int32_t magic, accmap, period;
   u_short mru, phmtu, maxmtu, maxmru, wantmtu, wantmru, proto;

- struct lqrreq *req;

   char request[20], desc[22];
   struct mp *mp;
   struct physical *p = link2physical(fp->link); @@ -937,18 +928,20 @@

break;

     case TY_QUALPROTO:
-      req = (struct lqrreq *)cp;
+      ua_ntohs(cp + 2, &proto);
+      ua_ntohl(cp + 4, &period);
       log_Printf(LogLCP, "%s proto %x, interval %lums\n",
-                request, ntohs(req->proto), (u_long)ntohl(req->period) * 10);
+                request, proto,
+		(u_long)period * 10);
       switch (mode_type) {
       case MODE_REQ:
-	if (ntohs(req->proto) != PROTO_LQR || !IsAccepted(lcp->cfg.lqr))
+	if (proto != PROTO_LQR || !IsAccepted(lcp->cfg.lqr))
 	  goto reqreject;
 	else {
-	  lcp->his_lqrperiod = ntohl(req->period);
+	  lcp->his_lqrperiod = period;
 	  if (lcp->his_lqrperiod < MIN_LQRPERIOD * 100)
 	    lcp->his_lqrperiod = MIN_LQRPERIOD * 100;
-	  req->period = htonl(lcp->his_lqrperiod);
+	  ua_htonl(&(lcp->his_lqrperiod), cp + 4);
 	  memcpy(dec->ackend, cp, length);
 	  dec->ackend += length;
 	}

>Release-Note:
Received on Thu Nov 7 15:39:50 2002

This message: [ Message body ]
Next message: Peter Haag: "pending/2861: Kernel panic: tsleep"
Previous message: Thorsten Glaser: "library/2863: [BUG] OpenSSL-bug, sendbug failed (was Fwd: Returned mail: see transcript for details)"
In reply to bigfoot(at)astrakan.hig.se: "kernel/2923: Ethernet drivers "always" calls if_attach() with ifp->if_addrlen == 0"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:36 EDT