Bug #8543
Closed
decode/tcp: avoid unaligned access in TCP option parsing
Description
TCP option parsing in decode-tcp.c currently performs direct uint16_t pointer casts on byte-packed TCP option data.
Since TCP options are not guaranteed to be naturally aligned, this can cause unaligned memory access on strict-alignment architectures and also relies on undefined behavior in C.
Affected parsing paths include MSS and EXP/TFO option handling.
The proposed fix replaces direct casts with explicit byte-wise 16-bit extraction while preserving existing parsing behavior.
A pull request with the fix is already available:
https://github.com/OISF/suricata/pull/15207
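An added example, not Suricata's code and not the patch from the pull request: a minimal TCP options walker in C that reads the MSS value with explicit byte-wise 16-bit extraction, the approach the description proposes. The names `read_be16` and `tcp_opts_find_mss`, the return-code convention and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte-wise big-endian load: valid at any address, no alignment assumption. */
static uint16_t read_be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Hypothetical helper: walk a TCP options area. Returns 1 and stores the MSS
 * if a well-formed MSS option (kind 2, length 4) is found, 0 if there is
 * none, -1 if an option is truncated or has an invalid length. */
static int tcp_opts_find_mss(const uint8_t *opts, size_t len, uint16_t *mss)
{
    size_t off = 0;
    while (off < len) {
        uint8_t kind = opts[off];
        if (kind == 0) return 0;            /* EOL: end of option list */
        if (kind == 1) { off++; continue; } /* NOP: single-byte padding */
        if (len - off < 2) return -1;       /* no room for the length byte */
        uint8_t olen = opts[off + 1];
        if (olen < 2 || olen > len - off) return -1;
        if (kind == 2) {                    /* MSS */
            if (olen != 4) return -1;
            /* A cast such as *(const uint16_t *)(opts + off + 2) may be a
             * misaligned load here; option data has no alignment guarantee. */
            *mss = read_be16(opts + off + 2);
            return 1;
        }
        off += olen;
    }
    return 0;
}

/* Constructed sample: a leading NOP puts the MSS value (1460 = 0x05b4)
 * at an odd offset within the options area. */
static const uint8_t sample_opts[] = { 1, 2, 4, 0x05, 0xb4, 1, 1, 0 };

int main(void)
{
    uint16_t mss = 0;
    int rc = tcp_opts_find_mss(sample_opts, sizeof(sample_opts), &mss);
    printf("rc=%d mss=%u\n", rc, (unsigned)mss);
    return 0;
}
```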
Updated by Philippe Antoine about 1 month ago
- Status changed from New to In Review
- Assignee set to Urval Kheni
- Target version changed from TBD to 9.0.0-beta1
Updated by Urval Kheni about 1 month ago
- Affected Versions 9.0.0-beta1 added
- Affected Versions deleted (git main)
TCP option parsing in decode-tcp.c currently performs direct uint16_t pointer casts on byte-packed TCP option data.
Since TCP options are not guaranteed to be naturally aligned, this can cause unaligned memory access on strict-alignment architectures and also relies on undefined behavior in C.
Affected parsing paths include MSS and EXP/TFO option handling.
The proposed fix replaces direct casts with explicit byte-wise 16-bit extraction while preserving existing parsing behavior.
A pull request with the fix is already available:
https://github.com/OISF/suricata/pull/15376
Updated by Philippe Antoine about 1 month ago
- Affected Versions git main added
- Affected Versions deleted (9.0.0-beta1)
Updated by Philippe Antoine 27 days ago
- Status changed from In Review to Closed
Updated by Philippe Antoine 27 days ago
- Related to Bug #4736: ubsan: misaligned memory loads added