Date: Wed, 15 Dec 2010 15:46:49 +0800 (CST) From: =?utf-8?B?572X6ZKw?= <blade_ly@yahoo.com.cn> To: freebsd-net@freebsd.org Subject: [SCTP] last_sequence_delivered in sctp_process_a_data_chunk question Message-ID: <173127.17301.qm@web15007.mail.cnb.yahoo.com> In-Reply-To: <20101213120030.B1727106577A@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, all experts:=C2=A0=C2=A0 =C2=A0I find a suspect point in function of=C2= =A0sctp_process_a_data_chunk in all FreeBSD branches.for example:Line 1900 = of sctp_indata:=C2=A0(asoc->strmin[strmno].last_sequence_delivered + 1) =3D= =3D strmseqThis is a logical judgement sentence.last_sequence_delivered=C2= =A0is unsigned short type, strmseq is also.there is a problem:=C2=A0if=C2= =A0last_sequence_delivered equal 0xffff, and the result of=C2=A0last_sequen= ce_delivered + 1 must be 0x10000, rather than 0x0000, and if=C2=A0strmseq i= s also be 0x0, then this judgement will give you wrong value. so i think =C2=A0put a (uint16_t) before this sentence will be more secure.= so how do you think?like this: (uint16_t)(asoc->strmin[strmno].last_sequen= ce_delivered + 1) =3D=3D strmseqThanks and i hope your response.=0A=0A=0A =
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?173127.17301.qm>