[SCTP] last_sequence_delivered in sctp_process_a_data_chunk question
罗钰
blade_ly at yahoo.com.cn
Wed Dec 15 08:13:33 UTC 2010
Hi, all experts: I find a suspect point in function of sctp_process_a_data_chunk in all FreeBSD branches.for example:Line 1900 of sctp_indata: (asoc->strmin[strmno].last_sequence_delivered + 1) == strmseqThis is a logical judgement sentence.last_sequence_delivered is unsigned short type, strmseq is also.there is a problem: if last_sequence_delivered equal 0xffff, and the result of last_sequence_delivered + 1 must be 0x10000, rather than 0x0000, and if strmseq is also be 0x0, then this judgement will give you wrong value.
so i think put a (uint16_t) before this sentence will be more secure. so how do you think?like this: (uint16_t)(asoc->strmin[strmno].last_sequence_delivered + 1) == strmseqThanks and i hope your response.
More information about the freebsd-net
mailing list