From 0bf0d74b01ffabca588c3a06027436a4d2944618 Mon Sep 17 00:00:00 2001
From: fatbob313
Date: Thu, 14 Jan 2010 21:20:29 +0000
Subject: [PATCH] Fix pointer dereferencing to unaligned data. Many platforms do not support it, ARM to mention one... Also fix potential bug in receive logic.
---
 src/client.c | 7 ++++---
 src/messages.c | 23 +++++++++++++++--------
 2 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/client.c b/src/client.c
index 2294b3a..cb7452e 100644
--- a/src/client.c
+++ b/src/client.c
@@ -300,7 +300,7 @@ int Client_read(client_t *client)
 do {
 errno = 0;
 if (!client->msgsize)
- rc = SSL_read(client->ssl, client->rxbuf, 6 - client->rxcount);
+ rc = SSL_read(client->ssl, &client->rxbuf[client->rxcount], 6 - client->rxcount);
 else if (client->drainleft > 0)
 rc = SSL_read(client->ssl, client->rxbuf, client->drainleft > BUFSIZE ? BUFSIZE : client->drainleft);
 else
@@ -312,8 +312,9 @@ int Client_read(client_t *client)
 else {
 client->rxcount += rc;
 if (!client->msgsize && client->rxcount >= 6) {
- uint32_t *msgLen = (uint32_t *) &client->rxbuf[2];
- client->msgsize = ntohl(*msgLen);
+ uint32_t msgLen;
+ memcpy(&msgLen, &client->rxbuf[2], sizeof(uint32_t));
+ client->msgsize = ntohl(msgLen);
 }
 if (client->msgsize > BUFSIZE - 6 && client->drainleft == 0) {
 Log_warn("Too big message received (%d). Discarding.", client->msgsize);
diff --git a/src/messages.c b/src/messages.c
index ee32f7f..b290257 100644
--- a/src/messages.c
+++ b/src/messages.c
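Review bot: The read-at-offset fix is correct for partial preambles, but the branch guard `if (!client->msgsize)` cannot distinguish "preamble incomplete" from "preamble complete with a zero length field": once rxcount is 6 and the decoded length is 0, this line asks SSL_read for `6 - 6 == 0` bytes, and what OpenSSL returns for a zero-length read is version-dependent and would presumably be handled by the non-positive-rc path that is not visible here. If zero-payload messages are legal in the protocol, key the branch on the byte count instead, e.g. `if (client->rxcount < 6)`, assuming rxcount is reset per message — Client_read continues outside the hunk. The preamble length 6 is also repeated on this line, in the next hunk and as `BUFSIZE - 6` in messages.c; a shared `#define PREAMBLE_SIZE 6` would tie them together.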
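Review bot: The memcpy decode fixes the alignment UB, but the decoded value is then compared with `BUFSIZE - 6` on the next line, and the `%d` in the adjacent Log_warn suggests `msgsize` may be declared as a signed int; if it is, a wire length of 0x80000000 or more becomes negative, slips past the too-big check, and reaches the payload read with a negative count. Declare `msgsize` (and `rxcount`) as `uint32_t`/`size_t`, or at least compare as unsigned, `if ((uint32_t)client->msgsize > BUFSIZE - 6 && client->drainleft == 0) {`, and log it with `%u`. memcpy also needs `<string.h>`, which the hunk does not show being included in client.c. Client_read continues outside the hunk.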
@@ -45,20 +45,27 @@ static message_t *Msg_create_nopayload(messageType_t messageType);
 void Msg_addPreamble(uint8_t *buffer, uint16_t type, uint32_t len)
 {
- uint16_t *msgType = (uint16_t *) &buffer[0];
- uint32_t *msgLen = (uint32_t *) &buffer[2];
+ type = htons(type);
+ len = htonl(len);
- *msgType = htons(type);
- *msgLen = htonl(len);
+ buffer[0] = (type) & 0xff;
+ buffer[1] = (type >> 8) & 0xff;
+
+ buffer[2] = (len) & 0xff;
+ buffer[3] = (len >> 8) & 0xff;
+ buffer[4] = (len >> 16) & 0xff;
+ buffer[5] = (len >> 24) & 0xff;
 }
 static void Msg_getPreamble(uint8_t *buffer, int *type, int *len)
 {
- uint16_t *msgType = (uint16_t *) &buffer[0];
- uint32_t *msgLen = (uint32_t *) &buffer[2];
+ uint16_t msgType;
+ uint32_t msgLen;
- *type = (int)ntohs(*msgType);
- *len = (int)ntohl(*msgLen);
+ msgType = buffer[0] | (buffer[1] << 8);
+ msgLen = buffer[2] | (buffer[3] << 8) | (buffer[4] << 16) | (buffer[5] << 24);
+ *type = (int)ntohs(msgType);
+ *len = (int)ntohl(msgLen);
 }
 #define MAX_MSGSIZE (BUFSIZE - 6)
-- 
2.30.2
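Review bot: The new byte-wise serialisation in Msg_addPreamble is only correct on little-endian hosts: it first byte-swaps with htons/htonl and then stores the low byte of the swapped value first, so on a big-endian host (where htons is the identity) `buffer[0]` receives the low byte of `type` and the preamble goes out little-endian, and Msg_getPreamble makes the mirror mistake when it reassembles LSB-first and then calls ntohs/ntohl. In Msg_getPreamble the `(buffer[5] << 24)` term also left-shifts an int-promoted `uint8_t` into the sign bit whenever that byte is 0x80 or above, which is undefined behaviour in C. Drop the htons/htonl calls and write and read the six bytes explicitly in network (big-endian) order with widened operands, as below; the 2-byte type / 4-byte length layout on the wire is unchanged. Note that the `(int)` conversion in `*len` still turns a length of 0x80000000 or more into a negative value, so callers must compare it against MAX_MSGSIZE as unsigned.
```c
void Msg_addPreamble(uint8_t *buffer, uint16_t type, uint32_t len)
{
	/* Network byte order written byte by byte: independent of host endianness, no alignment requirement. */
	buffer[0] = (uint8_t)(type >> 8);
	buffer[1] = (uint8_t)(type & 0xff);

	buffer[2] = (uint8_t)(len >> 24);
	buffer[3] = (uint8_t)((len >> 16) & 0xff);
	buffer[4] = (uint8_t)((len >> 8) & 0xff);
	buffer[5] = (uint8_t)(len & 0xff);
}

static void Msg_getPreamble(uint8_t *buffer, int *type, int *len)
{
	/* Widen each byte before shifting so the << 24 never overflows int. */
	uint16_t msgType = (uint16_t)(((uint16_t)buffer[0] << 8) | buffer[1]);
	uint32_t msgLen = ((uint32_t)buffer[2] << 24) | ((uint32_t)buffer[3] << 16)
	                | ((uint32_t)buffer[4] << 8) | (uint32_t)buffer[5];

	*type = (int)msgType;
	*len = (int)msgLen;
}
```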