From owner-freebsd-alpha Wed May 30 2:40: 7 2001
Delivered-To: freebsd-alpha@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 38A4437B423 for ; Wed, 30 May 2001 02:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f4U9e1D27722; Wed, 30 May 2001 02:40:01 -0700 (PDT) (envelope-from gnats)
Received: from ra.eng.mindspring.net (ra.eng.mindspring.net [207.69.192.184]) by hub.freebsd.org (Postfix) with SMTP id 8EA4937B422 for ; Wed, 30 May 2001 02:31:10 -0700 (PDT) (envelope-from sudish@mindspring.com)
Received: (qmail 1446 invoked by uid 52477); 30 May 2001 09:31:01 -0000
Message-Id:
Date: 30 May 2001 05:31:01 -0400
From: Sudish Joseph
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: alpha/27766: /usr/bin/ppp issues unaligned accesses and core dumps on an alpha
Sender: owner-freebsd-alpha@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 27766
>Category: alpha
>Synopsis: /usr/bin/ppp issues unaligned accesses and core dumps on alpha (patch included)
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-alpha
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 30 02:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Sudish Joseph
>Release: FreeBSD 4.3-STABLE alpha
>Organization:
>Environment:
System: FreeBSD aleph.weenal.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed May 30 02:26:09 GMT 2001 root@aleph.weenal.com:/usr/obj/usr/src/sys/SUDISH alpha
>Description:
/usr/sbin/ppp attempts unaligned accesses when resolving dns queries. On an alpha this can and does cause a core dump. The patch below removes the unaligned access.
>How-To-Repeat:
Run /usr/bin/ppp on an alpha and do anything that causes ppp to do dns lookups. For instance, try a traceroute without -n. Given the right dns reply packet -- one with unaligned data -- ppp dumps core.
>Fix:
The following patch replaces the unaligned access with a bcopy(), which fixes the problem.

--- /usr/src/usr.sbin/ppp/ip.c Thu May 17 19:11:47 2001 +++ /usr/src/usr.sbin/ppp/ip.c Tue May 29 06:10:34 2001 @@ -452,6 +452,7 @@ const u_char *ptr; u_short *hptr; int len; + u_short tmp; ptr = (const char *)uh + sizeof *uh; len = ntohs(uh->uh_ulen) - sizeof *uh; 
@@ -489,8 +490,10 @@ n += len; } *n = '\0'; - qtype = dns_Qtype2Txt(ntohs(*(const u_short *)end)); - qclass = dns_Qclass2Txt(ntohs(*(const u_short *)(end + 2))); + bcopy(end, &tmp, sizeof(tmp)); + qtype = dns_Qtype2Txt(ntohs(tmp)); + bcopy(end + 2, &tmp, sizeof(tmp)); + qclass = dns_Qclass2Txt(ntohs(tmp)); log_Printf(LogDNS, "%sbound query %s %s %s\n", direction, qclass, qtype, namewithdot);
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-alpha" in the body of the message
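
Review bot: in the first hunk (@@ -452), the unchanged context still declares `u_short *hptr;` right above the new `u_short tmp;`. If hptr is ever pointed into the packet data that follows `ptr` and then dereferenced, that is the same kind of unaligned 16-bit load this patch removes for `end`, and it should go through the same copy-then-ntohs() path. The diff does not show the rest of the function, so please confirm that every use of hptr was audited, or say in the PR that only the query-type and query-class reads were affected.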
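
Review bot: in the second hunk (@@ -489), the two bcopy() calls read four bytes starting at `end`, and nothing in the visible lines checks that `end + 4` still lies within the `len` bytes derived from `uh->uh_ulen` in the first hunk. The removed casts read the same four bytes, so the patch does not make this worse, but since the line is being touched anyway, a length test before the copies (skip the log entry when fewer than four bytes remain after the name) would stop a query that ends right after the name from being read past its payload, unless such a check already exists earlier in the function. Minor style point: `memcpy(&tmp, end, sizeof tmp)` is the standard C spelling of the same copy, and separate locals for type and class would read more clearly than reusing `tmp`.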
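
Added example, not part of the original report or of ppp's source: a bounds-checked walk of a DNS question that reads QTYPE and QCLASS through memcpy(), so the read is valid at any alignment and on truncated packets. The names `rd16`, `dns_question_fields` and `sample_query` are hypothetical, and the sample packet is constructed so that the two fields start at an odd offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Constructed sample: DNS query for "a.b", QTYPE 28 (AAAA), QCLASS 1 (IN). */
const unsigned char sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0, /* 12-byte header */
    1, 'a', 1, 'b', 0,                                    /* QNAME, 5 bytes */
    0x00, 0x1c, 0x00, 0x01                                /* at offset 17   */
};

/* Read a big-endian 16-bit field from any address: copy into an aligned
 * local first, so no 16-bit load is ever issued on the packet pointer. */
static uint16_t rd16(const unsigned char *p)
{
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return ntohs(v);
}

/* Hypothetical helper: buf/len is a UDP payload holding a DNS query.
 * Returns 0 and fills qtype/qclass, or -1 when the message is truncated
 * or the question name contains anything but plain labels. */
int dns_question_fields(const unsigned char *buf, size_t len,
                        uint16_t *qtype, uint16_t *qclass)
{
    size_t off = 12;                          /* fixed DNS header size */

    if (len < off || rd16(buf + 4) == 0)      /* QDCOUNT must be non-zero */
        return -1;
    for (;;) {
        if (off >= len)                       /* name runs off the payload */
            return -1;
        unsigned char l = buf[off++];
        if (l == 0)                           /* root label ends the name */
            break;
        if (l > 63 || l > len - off)          /* pointer, or label too long */
            return -1;
        off += l;
    }
    if (len - off < 4)                        /* QTYPE + QCLASS must fit */
        return -1;
    *qtype = rd16(buf + off);
    *qclass = rd16(buf + off + 2);
    return 0;
}
```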