bgpd: fix unaligned access to addpath id

uint8_t * cannot be cast to uint32_t * unless the
pointed-to address is aligned according to uint32_t's
alignment rules. And it usually is not.

Signed-off-by: Santosh P K <sapk@vmware.com>

diff --git a/bgpd/bgp_evpn.c b/bgpd/bgp_evpn.c
index 4d02e39ae22173ce70ef00b64a3cdb8d6ee8efee..739f8e605f76241b7cce84853569ae16ae257759 100644 (file)
--- a/bgpd/bgp_evpn.c
+++ b/bgpd/bgp_evpn.c
@@ -4925,7 +4925,8 @@ int bgp_nlri_parse_evpn(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 

diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c
index 489ac6ea9f86d724e7191d556ad55184f5985a72..ff1ab1a37d9e3e5a0fa3f8204c0e90b115aae2a5 100644 (file)
--- a/bgpd/bgp_label.c
+++ b/bgpd/bgp_label.c
@@ -368,7 +368,8 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 

diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index e8d306256167120957b1550df3bc215023a75fd2..3ad41ca620dc19adbb5eede21a48001ce7610de0 100644 (file)
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -142,7 +142,8 @@ int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       addpath_id = ntohl(*((uint32_t *)pnt));
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
+                       addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }
 

diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index d7f7fb0112d5d8db44aaee222b38d61f7debbe92..ea451f5f8dbdb89edd215ea1cb0d95fe3ffb94ed 100644 (file)
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -4468,7 +4468,7 @@ int bgp_nlri_parse_ip(struct peer *peer, struct attr *attr,
                        if (pnt + BGP_ADDPATH_ID_LEN > lim)
                                return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
 
-                       memcpy(&addpath_id, pnt, 4);
+                       memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
                        addpath_id = ntohl(addpath_id);
                        pnt += BGP_ADDPATH_ID_LEN;
                }