From patchwork Fri Jun 27 15:05:47 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Willmann <daniel@totalueberwachung.de>
X-Patchwork-Id: 364997
Return-Path: <openbsc-bounces@lists.osmocom.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from ganesha.gnumonks.org (ganesha.gnumonks.org
	[IPv6:2001:780:45:1d:225:90ff:fe52:c662])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id C71101400DD
	for <incoming@patchwork.ozlabs.org>;
	Sat, 28 Jun 2014 01:07:47 +1000 (EST)
Received: from localhost ([127.0.0.1] helo=ganesha.gnumonks.org)
	by ganesha.gnumonks.org with esmtp (Exim 4.72)
	(envelope-from <openbsc-bounces@lists.osmocom.org>)
	id 1X0XkV-0001hO-Q0; Fri, 27 Jun 2014 17:07:36 +0200
Received: from isonoe.totalueberwachung.de ([2a01:198:210:100::1])
	by ganesha.gnumonks.org with esmtps
	(TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72)
	(envelope-from <alphaone@totalueberwachung.de>) id 1X0Xj1-0001h8-75
	for openbsc@lists.osmocom.org; Fri, 27 Jun 2014 17:06:08 +0200
Received: from adrastea.totalueberwachung.de (p4FC2BC85.dip0.t-ipconnect.de
	[79.194.188.133])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by isonoe.totalueberwachung.de (Postfix) with ESMTPSA id 9C56B6005F;
	Fri, 27 Jun 2014 17:06:00 +0200 (CEST)
Received: by adrastea.totalueberwachung.de (Postfix, from userid 1000)
	id 2D239220F0; Fri, 27 Jun 2014 17:05:59 +0200 (CEST)
From: Daniel Willmann <daniel@totalueberwachung.de>
To: OpenBSC Mailing List <openbsc@lists.osmocom.org>
Subject: [openbsc 1/3] libbsc, osmo-bsc{,
	_nat}: Prevent unaligned access when casting TLVP_VAL
Date: Fri, 27 Jun 2014 17:05:47 +0200
Message-Id: 
 <096d31f102dec08830c6516348b4648515648006.1403881549.git.daniel@totalueberwachung.de>
X-Mailer: git-send-email 1.8.4.2
X-Spam-Score: -0.0 (/)
Cc: Daniel Willmann <daniel@totalueberwachung.de>
X-BeenThere: openbsc@lists.osmocom.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development of the OpenBSC GSM base station controller
	<openbsc.lists.osmocom.org>
List-Unsubscribe: <https://lists.osmocom.org/mailman/options/openbsc>,
	<mailto:openbsc-request@lists.osmocom.org?subject=unsubscribe>
List-Archive: <http://lists.osmocom.org/pipermail/openbsc>
List-Post: <mailto:openbsc@lists.osmocom.org>
List-Help: <mailto:openbsc-request@lists.osmocom.org?subject=help>
List-Subscribe: <https://lists.osmocom.org/mailman/listinfo/openbsc>,
	<mailto:openbsc-request@lists.osmocom.org?subject=subscribe>
Sender: openbsc-bounces@lists.osmocom.org
Errors-To: openbsc-bounces@lists.osmocom.org

foo = *((uintXX_t *) TLVP_VAL(...) can lead to unaligned access. To
prevent that use tlvp_valXX_unal() to get the values.
---
 openbsc/src/libbsc/abis_rsl.c             | 10 +++++-----
 openbsc/src/osmo-bsc/osmo_bsc_bssap.c     |  2 +-
 openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/openbsc/src/libbsc/abis_rsl.c b/openbsc/src/libbsc/abis_rsl.c
index 748ab7e..d193078 100644
--- a/openbsc/src/libbsc/abis_rsl.c
+++ b/openbsc/src/libbsc/abis_rsl.c
@@ -1804,20 +1804,20 @@ static void ipac_parse_rtp(struct gsm_lchan *lchan, struct tlv_parsed *tv)
 	uint16_t port, conn_id;
 
 	if (TLVP_PRESENT(tv, RSL_IE_IPAC_LOCAL_IP)) {
-		ip.s_addr = *((uint32_t *) TLVP_VAL(tv, RSL_IE_IPAC_LOCAL_IP));
+		ip.s_addr = tlvp_val32_unal(tv, RSL_IE_IPAC_LOCAL_IP);
 		DEBUGPC(DRSL, "LOCAL_IP=%s ", inet_ntoa(ip));
 		lchan->abis_ip.bound_ip = ntohl(ip.s_addr);
 	}
 
 	if (TLVP_PRESENT(tv, RSL_IE_IPAC_LOCAL_PORT)) {
-		port = *((uint16_t *) TLVP_VAL(tv, RSL_IE_IPAC_LOCAL_PORT));
+		port = tlvp_val16_unal(tv, RSL_IE_IPAC_LOCAL_PORT);
 		port = ntohs(port);
 		DEBUGPC(DRSL, "LOCAL_PORT=%u ", port);
 		lchan->abis_ip.bound_port = port;
 	}
 
 	if (TLVP_PRESENT(tv, RSL_IE_IPAC_CONN_ID)) {
-		conn_id = *((uint16_t *) TLVP_VAL(tv, RSL_IE_IPAC_CONN_ID));
+		conn_id = tlvp_val16_unal(tv, RSL_IE_IPAC_CONN_ID);
 		conn_id = ntohs(conn_id);
 		DEBUGPC(DRSL, "CON_ID=%u ", conn_id);
 		lchan->abis_ip.conn_id = conn_id;
@@ -1838,13 +1838,13 @@ static void ipac_parse_rtp(struct gsm_lchan *lchan, struct tlv_parsed *tv)
 	}
 
 	if (TLVP_PRESENT(tv, RSL_IE_IPAC_REMOTE_IP)) {
-		ip.s_addr = *((uint32_t *) TLVP_VAL(tv, RSL_IE_IPAC_REMOTE_IP));
+		ip.s_addr = tlvp_val32_unal(tv, RSL_IE_IPAC_REMOTE_IP);
 		DEBUGPC(DRSL, "REMOTE_IP=%s ", inet_ntoa(ip));
 		lchan->abis_ip.connect_ip = ntohl(ip.s_addr);
 	}
 
 	if (TLVP_PRESENT(tv, RSL_IE_IPAC_REMOTE_PORT)) {
-		port = *((uint16_t *) TLVP_VAL(tv, RSL_IE_IPAC_REMOTE_PORT));
+		port = tlvp_val16_unal(tv, RSL_IE_IPAC_REMOTE_PORT);
 		port = ntohs(port);
 		DEBUGPC(DRSL, "REMOTE_PORT=%u ", port);
 		lchan->abis_ip.connect_port = port;
diff --git a/openbsc/src/osmo-bsc/osmo_bsc_bssap.c b/openbsc/src/osmo-bsc/osmo_bsc_bssap.c
index c2c2417..f58d96f 100644
--- a/openbsc/src/osmo-bsc/osmo_bsc_bssap.c
+++ b/openbsc/src/osmo-bsc/osmo_bsc_bssap.c
@@ -135,7 +135,7 @@ static int bssmap_handle_paging(struct osmo_msc_data *msc,
 
 	if (TLVP_PRESENT(&tp, GSM0808_IE_TMSI) &&
 	    TLVP_LEN(&tp, GSM0808_IE_TMSI) == 4) {
-		tmsi = ntohl(*(uint32_t *) TLVP_VAL(&tp, GSM0808_IE_TMSI));
+		tmsi = ntohl(tlvp_val32_unal(&tp, GSM0808_IE_TMSI));
 	}
 
 	/*
diff --git a/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c b/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
index 22b8a35..e13827b 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_mgcp_utils.c
@@ -191,7 +191,7 @@ int bsc_mgcp_assign_patch(struct nat_sccp_connection *con, struct msgb *msg)
 		return -1;
 	}
 
-	cic = ntohs(*(uint16_t *)TLVP_VAL(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE));
+	cic = ntohs(tlvp_val16_unal(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE));
 	timeslot = cic & 0x1f;
 	multiplex = (cic & ~0x1f) >> 5;