Merge #1206

bors[bot] · Gleb Pomykalov · web-flow · commit fdf828bc5f47 · 2020-04-19T19:44:19.000Z
1206: Fix unaligned casting of cmsg data to af_alg_iv r=asomers a=glebpom Casting a pointer to `cmsg_data` to `af_alg_iv` is incorrect since it's not properly aligned. As of the [`cmsg` man page](http://man7.org/linux/man-pages/man3/cmsg.3.html) "Applications should not cast it to a pointer type matching the payload, but should instead use memcpy(3) to copy data to or from a suitably declared object." Co-authored-by: Gleb Pomykalov <gleb@lancastr.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,6 +32,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Fixed a bug in nix::unistd that would result in an infinite loop
   when a group or user lookup required a buffer larger than
   16KB. (#[1198](https://github.com/nix-rust/nix/pull/1198))
+- Fixed unaligned casting of `cmsg_data` to `af_alg_iv` (#[1206](https://github.com/nix-rust/nix/pull/1206))
 
 ### Removed
 
diff --git a/src/sys/socket/mod.rs b/src/sys/socket/mod.rs
@@ -657,15 +657,26 @@ impl<'a> ControlMessage<'a> {
             }
             #[cfg(any(target_os = "android", target_os = "linux"))]
             ControlMessage::AlgSetIv(iv) => {
+                let af_alg_iv = libc::af_alg_iv {
+                    ivlen: iv.len() as u32,
+                    iv: [0u8; 0],
+                };
+
+                let size = mem::size_of::<libc::af_alg_iv>();
+
                 unsafe {
-                    let alg_iv = cmsg_data as *mut libc::af_alg_iv;
-                    (*alg_iv).ivlen = iv.len() as u32;
+                    ptr::copy_nonoverlapping(
+                        &af_alg_iv as *const _ as *const u8,
+                        cmsg_data,
+                        size,
+                    );
                     ptr::copy_nonoverlapping(
                         iv.as_ptr(),
-                        (*alg_iv).iv.as_mut_ptr(),
+                        cmsg_data.add(size),
                         iv.len()
                     );
                 };
+
                 return
             },
             #[cfg(any(target_os = "android", target_os = "linux"))]
