From bee0b3c9d1f38f03b325e7c67a5a918a0837f900 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 4 Mar 2010 15:51:59 +0100
Subject: parse: fix access to u64 attributes in netlink messages

This patch fixes parsing of 64 bits attributes (that are unaligned)
in ctnetlink. It would be better to add nfnl_get_uX() functions
similar to those in include/net/netlink.h to libnfnetlink to avoid
this sort of errors.

Reported-by: Jan Engelhardt <jengelh@medozas.es>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack/parse.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'src/conntrack')

diff --git a/src/conntrack/parse.c b/src/conntrack/parse.c
index 0e0cd58..60dabe4 100644
--- a/src/conntrack/parse.c
+++ b/src/conntrack/parse.c
@@ -276,9 +276,11 @@ static void __parse_protoinfo_dccp(const struct nfattr *attr,
 		set_bit(ATTR_DCCP_ROLE, ct->set);
 	}
 	if (tb[CTA_PROTOINFO_DCCP_SEQ-1]) {
-		ct->protoinfo.dccp.handshake_seq =
-			__be64_to_cpu(*(u_int64_t *)
-				NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]));
+		u_int64_t tmp;
+		memcpy(&tmp,
+		       NFA_DATA(tb[CTA_PROTOINFO_DCCP_SEQ-1]),
+		       sizeof(tmp));
+		ct->protoinfo.dccp.handshake_seq = __be64_to_cpu(tmp);
 		set_bit(ATTR_DCCP_HANDSHAKE_SEQ, ct->set);
 	}
 }
@@ -314,10 +316,13 @@ static void __parse_counters(const struct nfattr *attr,
 				= ntohl(*(u_int32_t *)
 					NFA_DATA(tb[CTA_COUNTERS32_PACKETS-1]));
 
-		if (tb[CTA_COUNTERS_PACKETS-1])
-			ct->counters[dir].packets
-				= __be64_to_cpu(*(u_int64_t *)
-					NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]));
+		if (tb[CTA_COUNTERS_PACKETS-1]) {
+			u_int64_t tmp;
+			memcpy(&tmp,
+			       NFA_DATA(tb[CTA_COUNTERS_PACKETS-1]),
+			       sizeof(tmp));
+			ct->counters[dir].packets = __be64_to_cpu(tmp);
+		}
 
 		switch(dir) {
 		case __DIR_ORIG:
@@ -335,10 +340,13 @@ static void __parse_counters(const struct nfattr *attr,
 				= ntohl(*(u_int32_t *)
 					NFA_DATA(tb[CTA_COUNTERS32_BYTES-1]));
 
-		if (tb[CTA_COUNTERS_BYTES-1])
-			ct->counters[dir].bytes
-				= __be64_to_cpu(*(u_int64_t *)
-					NFA_DATA(tb[CTA_COUNTERS_BYTES-1]));
+		if (tb[CTA_COUNTERS_BYTES-1]) {
+			u_int64_t tmp;
+			memcpy(&tmp,
+			       NFA_DATA(tb[CTA_COUNTERS_BYTES-1]),
+			       sizeof(tmp));
+			ct->counters[dir].bytes = __be64_to_cpu(tmp);
+		}
 
 		switch(dir) {
 		case __DIR_ORIG:
-- 
cgit v1.2.3