From fc880b11ed70ff9dcf8be48621f75d354cc5094d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 7 Jul 2015 15:33:55 +0300
Subject: [PATCH] NFC: Avoid misaligned read of an NDEF field

The 32-bit version of payload length field may not be 32-bit aligned in
the message buffer, so use WPA_GET_BE32() to read it instead of ntohl().

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/wps/ndef.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index 8d1ce1eac..5604b0a5d 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -47,7 +47,7 @@ static int ndef_parse_record(const u8 *data, u32 size,
 	} else {
 		if (size < 6)
 			return -1;
-		record->payload_length = ntohl(*(u32 *)pos);
+		record->payload_length = WPA_GET_BE32(pos);
 		pos += sizeof(u32);
 	}