From 154d839f3d88e8897e3a208ad7b1b6698a8c0504 Mon Sep 17 00:00:00 2001 From: Andrew Royes Date: Thu, 14 Mar 2019 10:38:31 -0700 Subject: [PATCH] Fix misaligned read in StunMessage::Read Change-Id: I10ba8f08d13751814a07d6f4e364bc7e7224d0e7 BUG: webrtc:10403 Change-Id: I10ba8f08d13751814a07d6f4e364bc7e7224d0e7 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/127328 Commit-Queue: Steve Anton Reviewed-by: Steve Anton Cr-Commit-Position: refs/heads/master@{#27149} --- p2p/base/stun.cc | 6 ++++-- p2p/base/stun.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/p2p/base/stun.cc b/p2p/base/stun.cc index 66b53128a5..d2897747bb 100644 --- a/p2p/base/stun.cc +++ b/p2p/base/stun.cc @@ -364,8 +364,10 @@ bool StunMessage::Read(ByteBufferReader* buf) { if (!buf->ReadString(&transaction_id, kStunTransactionIdLength)) return false; - uint32_t magic_cookie_int = - *reinterpret_cast(magic_cookie.data()); + uint32_t magic_cookie_int; + static_assert(sizeof(magic_cookie_int) == kStunMagicCookieLength, + "Integer size mismatch: magic_cookie_int and kStunMagicCookie"); + std::memcpy(&magic_cookie_int, magic_cookie.data(), sizeof(magic_cookie_int)); if (rtc::NetworkToHost32(magic_cookie_int) != kStunMagicCookie) { // If magic cookie is invalid it means that the peer implements // RFC3489 instead of RFC5389. diff --git a/p2p/base/stun.h b/p2p/base/stun.h index e61b345fd7..caaa4745b4 100644 --- a/p2p/base/stun.h +++ b/p2p/base/stun.h @@ -110,7 +110,7 @@ const size_t kStunHeaderSize = 20; const size_t kStunTransactionIdOffset = 8; const size_t kStunTransactionIdLength = 12; const uint32_t kStunMagicCookie = 0x2112A442; -const size_t kStunMagicCookieLength = sizeof(kStunMagicCookie); +constexpr size_t kStunMagicCookieLength = sizeof(kStunMagicCookie); // Following value corresponds to an earlier version of STUN from // RFC3489.