From: Sridhar S. <sr...@us...> - 2004-07-23 17:19:48
good catch. will integrate along with your other patches.

-Sridhar

On Thu, 22 Jul 2004, Jorge Hernandez-Herrero wrote:

> Hi,
>
> There is a '+' missing in sctp_sm_pull_sack() when
> trying to account for the variable length of the
> SACK chunk (due to the reported number of dup TSN and
> gap acks) which results in skb_pull() being
> called with the wrong length. I guess, it could cause
> some bad side effects when processing inbound SCTP
> packets that bundle SACK+DATA.
>
> --- lksctp-2.4.work/net/sctp/sm_statefuns.c 2004-06-07 > 18:19:45.000000000 -0500 > +++ PATCH_SACKSIZE/net/sctp/sm_statefuns.c 2004-07-22 > 08:04:29.000000000 -0500 > @@ -4709,7 +4709,7 @@ struct sctp_sackhdr *sctp_sm_pull_sack(s > num_blocks = ntohs(sack->num_gap_ack_blocks); > num_dup_tsns = ntohs(sack->num_dup_tsns); > len = sizeof(struct sctp_sackhdr); > - len = (num_blocks + num_dup_tsns) * sizeof(__u32); > + len += (num_blocks + num_dup_tsns) * sizeof(__u32); > if (len > chunk->skb->len) > return NULL;
>
> I opened a new bug report and uploaded this patch in sourceforge
> for this problem.
>
> Please take a look at it.
>
> Thanks,
> Jorge
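
Review bot: in the `len +=` line the two counts come straight from the packet via ntohs(), and the declaration of `len` is outside this hunk; confirm it is an unsigned type wide enough to hold sizeof(struct sctp_sackhdr) + (65535 + 65535) * sizeof(__u32) without wrapping, otherwise the `if (len > chunk->skb->len)` check can still pass for an oversized SACK. The visible lines also read `sack->num_gap_ack_blocks` and `sack->num_dup_tsns` before any length check, so it is worth confirming that code above the hunk or the caller already guarantees the fixed header is present in the skb. A short comment above the calculation naming the 4-byte gap ack block and dup TSN entries would make the arithmetic self-explanatory.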
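
A user-space model of the length accounting discussed in the message above, added here as an example; it is not lksctp code. The struct mirrors the SACK fixed fields used in the hunk, and the helper name `sack_pull_len`, its `fixed` flag and the sample bytes are constructed for illustration.

```c
#include <arpa/inet.h> /* ntohs */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed part of a SACK chunk body, fields in network byte order. */
struct sackhdr {
    uint32_t cum_tsn_ack;
    uint32_t a_rwnd;
    uint16_t num_gap_ack_blocks;
    uint16_t num_dup_tsns;
};

/* Hypothetical helper (not lksctp code): bytes to pull for the SACK at buf,
 * or -1 if that length exceeds the avail bytes remaining.
 * fixed = 0 models the "len =" line, fixed = 1 the "len +=" line. */
static long sack_pull_len(const uint8_t *buf, size_t avail, int fixed)
{
    struct sackhdr s;
    size_t var, len;

    if (avail < sizeof(s))
        return -1;                       /* fixed header itself is missing */
    memcpy(&s, buf, sizeof(s));          /* avoid unaligned access */
    var = ((size_t)ntohs(s.num_gap_ack_blocks) + ntohs(s.num_dup_tsns))
          * sizeof(uint32_t);
    len = fixed ? sizeof(s) + var : var; /* before the fix the header size is lost */
    return len > avail ? -1 : (long)len;
}

/* Constructed sample: SACK body with 1 gap ack block and 0 dup TSNs,
 * followed by the first 4 bytes of a bundled DATA chunk. */
static const uint8_t sample[] = {
    0x00, 0x00, 0x00, 0x0a,              /* cum_tsn_ack = 10 */
    0x00, 0x00, 0x10, 0x00,              /* a_rwnd = 4096 */
    0x00, 0x01, 0x00, 0x00,              /* 1 gap ack block, 0 dup TSNs */
    0x00, 0x02, 0x00, 0x03,              /* gap ack block: start 2, end 3 */
    0x00, 0x03, 0x00, 0x14,              /* DATA chunk header: type 0, flags 3, length 20 */
};

int main(void)
{
    printf("whole buffer: before=%ld after=%ld\n",
           sack_pull_len(sample, sizeof(sample), 0),
           sack_pull_len(sample, sizeof(sample), 1));
    /* Truncated after the fixed header: only the corrected length is rejected. */
    printf("truncated:    before=%ld after=%ld\n",
           sack_pull_len(sample, 12, 0), sack_pull_len(sample, 12, 1));
    return 0;
}
```

With the old line the pull length for the sample is 4 instead of 16, so the next chunk would be parsed from the middle of the SACK, and a SACK truncated after its 12-byte fixed header still passes the length check.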