Fix misaligned read and buffer overrun

Ethernet addresses are only 6 bytes in size, reading it as a 64-bit
integer is invalid. Use unsigned 8-bit integers instead.

Caught by UBSAN and Address Sanitizer. Trigger via the Statistics menu
Resolved Addresses (Qt) or Show address resolution (GTK).

Change-Id: I628ff7cce0ea4f4e378c7968cd79a0ae34cdd20b
Reviewed-on: https://code.wireshark.org/review/10443
Reviewed-by: ronnie sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>

2 files changed, 13 insertions, 21 deletions

diff --git a/ui/gtk/addr_resolution_dlg.c b/ui/gtk/addr_resolution_dlg.c
index cca7db805c..ff693fc674 100644
--- a/ui/gtk/addr_resolution_dlg.c
+++ b/ui/gtk/addr_resolution_dlg.c
@@ -50,16 +50,12 @@ eth_hash_to_texbuff(gpointer key, gpointer value, gpointer user_data)
 {
     gchar string_buff[ADDRESS_STR_MAX];
     GtkTextBuffer *buffer = (GtkTextBuffer*)user_data;
-    gint64 eth_as_gint64 = *(gint64*)key;
+    guint8 *eth_addr = (guint8*)key;
     hashether_t* tp = (hashether_t*)value;
 
     g_snprintf(string_buff, ADDRESS_STR_MAX, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X Status: %u %s %s\n",
-               (guint8)(eth_as_gint64>>40&0xff),
-               (guint8)(eth_as_gint64>>32&0xff),
-               (guint8)((eth_as_gint64>>24)&0xff),
-               (guint8)((eth_as_gint64>>16)&0xff),
-               (guint8)((eth_as_gint64>>8)&0xff),
-               (guint8)(eth_as_gint64&0xff),
+               eth_addr[0], eth_addr[1], eth_addr[2],
+               eth_addr[3], eth_addr[4], eth_addr[5],
                get_hash_ether_status(tp),
                get_hash_ether_hexaddr(tp),
                get_hash_ether_resolved_name(tp));
@@ -85,15 +81,11 @@ wka_hash_to_texbuff(gpointer key, gpointer value, gpointer user_data)
     gchar string_buff[ADDRESS_STR_MAX];
     GtkTextBuffer *buffer = (GtkTextBuffer*)user_data;
     gchar *name = (gchar *)value;
-    gint64 eth_as_gint64 = *(gint64*)key;
+    guint8 *eth_addr = (guint8*)key;
 
     g_snprintf(string_buff, ADDRESS_STR_MAX, "%.2X:%.2X:%.2X:%.2X:%.2X:%.2X  %s\n",
-               (guint8)(eth_as_gint64>>40&0xff),
-               (guint8)(eth_as_gint64>>32&0xff),
-               (guint8)((eth_as_gint64>>24)&0xff),
-               (guint8)((eth_as_gint64>>16)&0xff),
-               (guint8)((eth_as_gint64>>8)&0xff),
-               (guint8)(eth_as_gint64&0xff),
+               eth_addr[0], eth_addr[1], eth_addr[2],
+               eth_addr[3], eth_addr[4], eth_addr[5],
                name);
     gtk_text_buffer_insert_at_cursor (buffer, string_buff, -1);
 
diff --git a/ui/qt/resolved_addresses_dialog.cpp b/ui/qt/resolved_addresses_dialog.cpp
index f9f06a189d..22715019f7 100644
--- a/ui/qt/resolved_addresses_dialog.cpp
+++ b/ui/qt/resolved_addresses_dialog.cpp
@@ -153,15 +153,15 @@ wka_hash_to_qstringlist(gpointer key, gpointer value, gpointer sl_ptr)
 {
     QStringList *string_list = (QStringList *) sl_ptr;
     gchar *name = (gchar *)value;
-    gint64 eth_as_gint64 = *(gint64*)key;
+    guint8 *eth_addr = (guint8*)key;
 
     QString entry = QString("%1:%2:%3:%4:%5:%6 %7")
-            .arg((eth_as_gint64 >> 40 & 0xff), 2, 16, QChar('0'))
-            .arg((eth_as_gint64 >> 32 & 0xff), 2, 16, QChar('0'))
-            .arg((eth_as_gint64 >> 24 & 0xff), 2, 16, QChar('0'))
-            .arg((eth_as_gint64 >> 16 & 0xff), 2, 16, QChar('0'))
-            .arg((eth_as_gint64 >>  8 & 0xff), 2, 16, QChar('0'))
-            .arg((eth_as_gint64 & 0xff), 2, 16, QChar('0'))
+            .arg(eth_addr[0], 2, 16, QChar('0'))
+            .arg(eth_addr[1], 2, 16, QChar('0'))
+            .arg(eth_addr[2], 2, 16, QChar('0'))
+            .arg(eth_addr[3], 2, 16, QChar('0'))
+            .arg(eth_addr[4], 2, 16, QChar('0'))
+            .arg(eth_addr[5], 2, 16, QChar('0'))
             .arg(name);
 
     *string_list << entry;