bugzilla-daemon@netfilter.org
2003-Dec-26 17:12 UTC
[Bug 84] Unaligned access in ip_tables.c:ip_packet_match
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=84
------- Additional Comments From tv@debian.org 2003-12-26 18:12 -------
Just wanted to note that
http://lists.netfilter.org/pipermail/netfilter-devel/2003-September/012316.html
http://lists.netfilter.org/pipermail/netfilter-devel/2003-September/012305.html
talk about the same subject, that the same bug triggers an ugly crash on
m68k-nommu. This patch fixes all the symptoms I am seeing.
--- linux-2.4.orig/net/ipv4/netfilter/ip_tables.c 2003-12-26 12:13:58.000000000
+0200
+++ linux-2.4/net/ipv4/netfilter/ip_tables.c 2003-12-26 12:11:01.000000000 +0200
@@ -151,11 +151,11 @@ ip_packet_match(const struct iphdr *ip,
}
/* Look for ifname matches; this should unroll nicely. */
- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
- ret |= (((const unsigned long *)indev)[i]
- ^ ((const unsigned long *)ipinfo->iniface)[i])
- & ((const unsigned long *)ipinfo->iniface_mask)[i];
- }
+ for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
+ ret |= (indev[i]
+ ^ ipinfo->iniface[i])
+ & ipinfo->iniface_mask[i];
+ }
if (FWINV(ret != 0, IPT_INV_VIA_IN)) {
dprintf("VIA in mismatch (%s vs %s).%s\n",
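Review bot: The loop bound in the indev loop changes from IFNAMSIZ/sizeof(unsigned long) to IFNAMSIZ, so this per-packet match now does one XOR/AND per byte instead of one per word, while the retained comment "this should unroll nicely" was written for the word loop. If the byte loop stays, reword the comment to say the compare is byte-wise to avoid unaligned loads. Otherwise keep the word loop and guarantee the alignment of indev, ipinfo->iniface and ipinfo->iniface_mask where they are defined.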
@@ -164,11 +172,11 @@ ip_packet_match(const struct iphdr *ip,
return 0;
}
- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
- ret |= (((const unsigned long *)outdev)[i]
- ^ ((const unsigned long *)ipinfo->outiface)[i])
- & ((const unsigned long *)ipinfo->outiface_mask)[i];
- }
+ for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
+ ret |= (outdev[i]
+ ^ ipinfo->outiface[i])
+ & ipinfo->outiface_mask[i];
+ }
if (FWINV(ret != 0, IPT_INV_VIA_OUT)) {
dprintf("VIA out mismatch (%s vs %s).%s\n",
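Review bot: The new-file offset in this hunk header (+172) does not follow from the first hunk, which is line-neutral (11 lines in, 11 lines out at 151), so the diff looks like it was taken against a tree that carries other changes between the two loops. Regenerate it against pristine source so it applies without offset or fuzz. The outdev loop is also a line-for-line copy of the indev loop; a small helper taking (dev, iface, mask) would keep the two from drifting apart.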
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Dec-26 17:29 UTC
[Bug 84] Unaligned access in ip_tables.c:ip_packet_match
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=84
------- Additional Comments From tv@debian.org 2003-12-26 18:29 -------
This works for me, too.
--- linux-2.4.orig/net/ipv4/netfilter/ip_tables.c 2003-12-26 19:24:46.000000000
+0200
+++ linux-2.4/net/ipv4/netfilter/ip_tables.c 2003-12-26 18:58:30.000000000 +0200
@@ -260,7 +278,11 @@ ipt_do_table(struct sk_buff **pskb,
struct ipt_table *table,
void *userdata)
{
- static const char nulldevname[IFNAMSIZ] = { 0 };
+ /* Pointer to nulldevname may be dereferenced as unsigned
+ long* in ip_packet_match. We need to guarantee
+ sufficient alignment here. */
+ static const char nulldevname[IFNAMSIZ]
+ __attribute__((__aligned__(__alignof__ (unsigned long))));
u_int16_t offset;
struct iphdr *ip;
void *protohdr;
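Review bot: The replacement declaration of nulldevname drops the "= { 0 }" initializer that the removed line had. A static object is zero-initialized in C regardless, but on a const array whose only job is to be all zeroes the omission reads as accidental; keep the initializer after the __aligned__ attribute. The new comment should also say which pointers reach ip_packet_match besides nulldevname, since this hunk only guarantees alignment for this one array.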
bugzilla-daemon@netfilter.org
2004-Jan-05 10:58 UTC
[Bug 84] Unaligned access in ip_tables.c:ip_packet_match
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=84
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
------- Additional Comments From laforge@netfilter.org 2004-01-05 11:58 -------
I prefer the later fix and I'll push it for kernel inclusion.
However, AFAICT it is missing the initialization to '0'.
I'll add that and put the fix in patch-o-matic
(pending/61_nulldev_alignment.patch).
Thanks a lot.
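Added example, not part of the original thread or of the netfilter source: a stand-alone C program for the masked interface-name compare discussed above, with the byte-wise loop beside a word-wise variant that loads through memcpy and so needs no alignment guarantee. IFNAMSIZ is defined locally as 16, and every function name here is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define IFNAMSIZ 16 /* as in <linux/if.h>; defined here so the example stands alone */

/* True when p may be dereferenced as unsigned long * without an unaligned access. */
static int aligned_for_ulong(const void *p)
{
    return (uintptr_t)p % _Alignof(unsigned long) == 0;
}

/* Byte-wise masked compare: valid at any alignment, IFNAMSIZ iterations. */
static unsigned long mismatch_bytes(const char *dev, const char *iface, const char *mask)
{
    unsigned long ret = 0;
    for (size_t i = 0; i < IFNAMSIZ; i++)
        ret |= (unsigned char)((dev[i] ^ iface[i]) & mask[i]);
    return ret;
}

/* Word-wise masked compare; memcpy loads make it independent of pointer alignment. */
static unsigned long mismatch_words(const char *dev, const char *iface, const char *mask)
{
    unsigned long ret = 0, d, f, m;
    for (size_t i = 0; i < IFNAMSIZ; i += sizeof(unsigned long)) {
        memcpy(&d, dev + i, sizeof d);
        memcpy(&f, iface + i, sizeof f);
        memcpy(&m, mask + i, sizeof m);
        ret |= (d ^ f) & m;
    }
    return ret;
}

/* Constructed check: copy `name` to an odd address and match it against `rule` with
 * the first `masklen` mask bytes set. Returns 1 match, 0 mismatch, -1 if aligned. */
static int matches_misaligned(const char *name, const char *rule, size_t masklen, int words)
{
    union { unsigned long align; char b[IFNAMSIZ + 1]; } buf;
    char iface[IFNAMSIZ] = { 0 }, mask[IFNAMSIZ] = { 0 };
    char *dev = buf.b + 1; /* one byte past an aligned address */
    memset(&buf, 0, sizeof buf);
    strncpy(dev, name, IFNAMSIZ - 1);
    strncpy(iface, rule, IFNAMSIZ - 1);
    memset(mask, 0xff, masklen > IFNAMSIZ ? IFNAMSIZ : masklen);
    if (aligned_for_ulong(dev)) return -1;
    return (words ? mismatch_words : mismatch_bytes)(dev, iface, mask) == 0;
}

int main(void) { return matches_misaligned("eth7", "eth", 3, 1) == 1 ? 0 : 1; }
```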