From 985ba0546ab18eadf73d0a2686029a3ac876c846 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Wed, 16 Mar 2016 23:05:56 +0100 Subject: [PATCH] Avoid member access within misaligned address for ancillary data buffer. For glibc-2.23, the CMSG_FIRSTHDR macro is defined as #define CMSG_FIRSTHDR(mhdr) \ ((size_t) (mhdr)->msg_controllen >= sizeof (struct cmsghdr) \ ? (struct cmsghdr *) (mhdr)->msg_control : (struct cmsghdr *) 0) In recv_cred_buffer(), pass_afd() and dispose_fds() the on-stack ancillary data buffer is not necessarily aligned. The pointer is cast to struct cmsghdr *, then dereferenced, resulting in undefined behaviour due to the lack of alignment. This patch asks the compiler to align the ancillary data buffers. --- afs.c | 2 +- net.c | 2 +- vss.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/afs.c b/afs.c index c87fdf78..1a5e602d 100644 --- a/afs.c +++ b/afs.c @@ -419,7 +419,7 @@ static int pass_afd(int fd, char *buf, size_t size) { struct msghdr msg = {.msg_iov = NULL}; struct cmsghdr *cmsg; - char control[255]; + char control[255] __a_aligned(8); int ret; struct iovec iov; diff --git a/net.c b/net.c index 2ec3f03e..708e83f2 100644 --- a/net.c +++ b/net.c @@ -980,7 +980,7 @@ static void dispose_fds(int *fds, unsigned num) */ int recv_cred_buffer(int fd, char *buf, size_t size) { - char control[255]; + char control[255] __a_aligned(8); struct msghdr msg; struct cmsghdr *cmsg; struct iovec iov; diff --git a/vss.c b/vss.c index 06707d6c..4c9f3623 100644 --- a/vss.c +++ b/vss.c @@ -938,7 +938,7 @@ static void vss_pre_select(struct sched *s, struct task *t) static int recv_afs_msg(int afs_socket, int *fd, uint32_t *code, uint32_t *data) { - char control[255], buf[8]; + char control[255] __a_aligned(8), buf[8]; struct msghdr msg = {.msg_iov = NULL}; struct cmsghdr *cmsg; struct iovec iov; -- 2.39.2