upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-05-28 04:03:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix unaligned access in auth-token

Browse source 
The undefined behaviour USAN clang checker found this. The optimiser
of clang/gcc will optimise the memcpy away in the auth_token case and
output excactly the same assembly on amd64/arm64 but it is still better
to not rely on undefined behaviour.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20230130172936.3444840-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26103.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2023-01-30 18:29:32 +01:00 committed by Gert Doering
parent ffcf20ca70
commit f6ccff6d7e
1 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/openvpn/auth_token.c
View file

@ -324,8 +324,14 @@ verify_auth_token(struct user_pass *up, struct tls_multi *multi,
const uint8_t *tstamp_initial = sessid + AUTH_TOKEN_SESSION_ID_LEN;
const uint8_t *tstamp = tstamp_initial + sizeof(int64_t);
uint64_t timestamp = ntohll(*((uint64_t *) (tstamp)));
uint64_t timestamp_initial = ntohll(*((uint64_t *) (tstamp_initial)));
/* tstamp, tstamp_initial might not be aligned to an uint64, use memcpy
* to avoid unaligned access */
uint64_t timestamp = 0, timestamp_initial = 0;
memcpy(&timestamp, tstamp, sizeof(uint64_t));
timestamp = ntohll(timestamp);
memcpy(&timestamp_initial, tstamp_initial, sizeof(uint64_t));
timestamp_initial = ntohll(timestamp_initial);
hmac_ctx_t *ctx = multi->opt.auth_token_key.hmac;
if (check_hmac_token(ctx, b64decoded, up->username))