Date:      30 May 2001 05:31:01 -0400
From:      Sudish Joseph <sudish@mindspring.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   alpha/27766: /usr/bin/ppp issues unaligned accesses and core dumps on an alpha
Message-ID:  <yviar8x7xjxm.fsf@ra.eng.mindspring.net>

>Number:         27766
>Category:       alpha
>Synopsis:       /usr/bin/ppp issues unaligned accesses and core dumps on alpha (patch included)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-alpha
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 30 02:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Sudish Joseph
>Release:        FreeBSD 4.3-STABLE alpha
>Organization:
>Environment:
System: FreeBSD aleph.weenal.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed May 30 02:26:09 GMT 2001 root@aleph.weenal.com:/usr/obj/usr/src/sys/SUDISH alpha
>Description:
/usr/sbin/ppp attempts unaligned accesses when resolving DNS queries.
On an alpha this can and does cause a core dump.  The patch below removes
the unaligned access.
>How-To-Repeat:
Run /usr/bin/ppp on an alpha and do anything that causes ppp to do DNS
lookups.  For instance, try a traceroute without -n.  Given the right
DNS reply packet -- one with unaligned data -- ppp dumps core.
>Fix:
The following patch replaces the unaligned access with a bcopy(), which
fixes the problem.

--- /usr/src/usr.sbin/ppp/ip.c	Thu May 17 19:11:47 2001
+++ /usr/src/usr.sbin/ppp/ip.c	Tue May 29 06:10:34 2001
@@ -452,6 +452,7 @@
   const u_char *ptr;
   u_short *hptr;
   int len;
+  u_short tmp;
 
   ptr = (const char *)uh + sizeof *uh;
   len = ntohs(uh->uh_ulen) - sizeof *uh;
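
Review bot: `u_short *hptr`, declared directly above the new `tmp`, is the same kind of pointer this patch stops dereferencing. If it is ever aimed into the packet payload and dereferenced, it will fault on alpha in the same way, so please either give it the same copy-to-local treatment or state that it only addresses aligned data. A more specific name than `tmp` (it holds a 16-bit network-order field) would also make the later hunk easier to read.
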
@@ -489,8 +490,10 @@
       n += len;
     }
     *n = '\0';
-    qtype = dns_Qtype2Txt(ntohs(*(const u_short *)end));
-    qclass = dns_Qclass2Txt(ntohs(*(const u_short *)(end + 2)));
+    bcopy(end, &tmp, sizeof(tmp));
+    qtype = dns_Qtype2Txt(ntohs(tmp));
+    bcopy(end + 2, &tmp, sizeof(tmp));
+    qclass = dns_Qclass2Txt(ntohs(tmp));
 
     log_Printf(LogDNS, "%sbound query %s %s %s\n",
                direction, qclass, qtype, namewithdot);
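
Review bot: the two bcopy() calls read four bytes starting at `end`, and nothing in the lines shown verifies that `end + 4` is still inside the received payload, so a query truncated right after the name would be read past its end. Suggest checking the remaining length before the copies and skipping the log line when fewer than four bytes are left. As a style point, memcpy() is the standard C call and avoids bcopy()'s reversed argument order.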

>Release-Note:
>Audit-Trail:
>Unformatted:
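
The same two fields can be read without any aligned load and with a length check. This is an added example, not part of the PR or of ppp's source; `rd16`, `dns_question_fields` and the sample question bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian 16-bit read built from single bytes: valid at any address. */
static uint16_t rd16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * Skip the QNAME labels of a DNS question (q, len bytes available) and
 * fetch QTYPE/QCLASS. Returns 0 on success, -1 when the data is truncated
 * or a compression pointer appears where a plain label is expected.
 */
int dns_question_fields(const unsigned char *q, size_t len,
                        uint16_t *qtype, uint16_t *qclass)
{
    size_t off = 0;

    for (;;) {
        if (off >= len) return -1;          /* ran out before root label */
        unsigned char l = q[off];
        if (l == 0) { off++; break; }       /* root label ends the name */
        if (l & 0xC0) return -1;            /* pointer/reserved bits set */
        if (l > len - off - 1) return -1;   /* label overruns the buffer */
        off += 1 + (size_t)l;
    }
    if (len - off < 4) return -1;           /* QTYPE + QCLASS must fit */
    *qtype = rd16(q + off);
    *qclass = rd16(q + off + 2);
    return 0;
}

/* Constructed sample: one pad byte, then "www.freebsd.org" PTR IN.
 * The name is 17 bytes, so QTYPE lands on an odd offset. */
static const unsigned char sample[] = {
    0x00, 3,'w','w','w', 7,'f','r','e','e','b','s','d', 3,'o','r','g', 0,
    0x00, 0x0c, 0x00, 0x01
};

int main(void)
{
    uint16_t t = 0, c = 0;
    int rc = dns_question_fields(sample + 1, sizeof sample - 1, &t, &c);
    printf("rc=%d qtype=%u qclass=%u\n", rc, (unsigned)t, (unsigned)c);
    return rc != 0;
}
```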