

cleanup(libscap): fix unaligned memory reads
Signed-off-by: Luca Guerra <[email protected]>
LucaGuerra committed Feb 8, 2024
1 parent 553a772 commit fd6a68f
Showing 1 changed file with 10 additions and 11 deletions.
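--- a/userspace/libscap/engine/savefile/scap_savefile.c
+++ b/userspace/libscap/engine/savefile/scap_savefile.c
@@ -811,8 +811,8 @@ static int32_t scap_read_iflist(scap_reader_t* r, uint32_t block_length, uint32_
 
 if(block_type != IL_BLOCK_TYPE_V2)
 {
-iftype = *(uint16_t *)pif;
-ifnamlen = *(uint16_t *)(pif + 2);
+memcpy(&iftype, pif, sizeof(iftype));
+memcpy(&ifnamlen, pif + 2, sizeof(ifnamlen));
 
 if(iftype == SCAP_II_IPV4)
 {
@@ -833,16 +833,16 @@ static int32_t scap_read_iflist(scap_reader_t* r, uint32_t block_length, uint32_
 else
 {
 snprintf(error, SCAP_LASTERR_SIZE, "trace file has corrupted interface list(1)");
-ASSERT(false);
 res = SCAP_FAILURE;
 goto scap_read_iflist_error;
 }
 }
 else
 {
-entrysize = *(uint32_t *)pif + sizeof(uint32_t);
-iftype = *(uint16_t *)(pif + 4);
-ifnamlen = *(uint16_t *)(pif + 4 + 2);
+memcpy(&entrysize, pif, sizeof(entrysize));
+entrysize += sizeof(uint32_t);
+memcpy(&iftype, pif + 4, sizeof(iftype));
+memcpy(&ifnamlen, pif + 4 + 2, sizeof(ifnamlen));
 }
 
 if(toread < entrysize)
@@ -865,7 +865,6 @@ static int32_t scap_read_iflist(scap_reader_t* r, uint32_t block_length, uint32_
 }
 else
 {
-ASSERT(false);
 snprintf(error, SCAP_LASTERR_SIZE, "unknown interface type %d", (int)iftype);
 res = SCAP_FAILURE;
 goto scap_read_iflist_error;
@@ -942,13 +941,13 @@ static int32_t scap_read_iflist(scap_reader_t* r, uint32_t block_length, uint32_
 
 if(block_type == IL_BLOCK_TYPE_V2)
 {
-entrysize = *(uint32_t *)pif;
+memcpy(&entrysize, pif, sizeof(entrysize));
 totreadsize += sizeof(uint32_t);
 pif += sizeof(uint32_t);
 }
 
-iftype = *(uint16_t *)pif;
-ifnamlen = *(uint16_t *)(pif + 2);
+memcpy(&iftype, pif, sizeof(iftype));
+memcpy(&ifnamlen, pif + 2, sizeof(ifnamlen));
 
 if(ifnamlen >= SCAP_MAX_PATH_SIZE)
 {
@@ -1956,7 +1955,7 @@ static int32_t next(struct scap_engine_handle engine, scap_evt **pevent, uint16_
 
 if(bh.block_type == EVF_BLOCK_TYPE || bh.block_type == EVF_BLOCK_TYPE_V2 || bh.block_type == EVF_BLOCK_TYPE_V2_LARGE)
 {
-*pflags = *(uint32_t *)(handle->m_reader_evt_buf + sizeof(uint16_t));
+memcpy(pflags, handle->m_reader_evt_buf + sizeof(uint16_t), sizeof(uint32_t));
 *pevent = (struct ppm_evt_hdr *)(handle->m_reader_evt_buf + sizeof(uint16_t) + sizeof(uint32_t));
 }
 else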
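Review bot: In the V2 `else` branch of the first pass in scap_read_iflist, `entrysize` is copied from the trace file and `entrysize += sizeof(uint32_t);` runs before the `if(toread < entrysize)` check, so if `entrysize` is a 32-bit variable (its declaration is outside the hunk) a stored length close to `UINT32_MAX` wraps to a small value and passes that check. The three `memcpy` reads at `pif`, `pif + 4` and `pif + 4 + 2` also happen before anything visible in the hunk confirms that the 8 header bytes are still inside the buffer. Because the savefile is external input, I would test `if(toread < sizeof(uint32_t) + 2 * sizeof(uint16_t))` first and take the existing `scap_read_iflist_error` path, and reject a stored length larger than the remaining bytes before adding the 4-byte prefix; a guard outside the hunk may already cover part of this, so please confirm. Minor style point in `next()`: `sizeof(*pflags)` instead of `sizeof(uint32_t)` would tie the copy size to the destination, as the other `memcpy` calls in this commit do. Both functions start and end outside the hunks shown.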
