On Dec 15, 2010, at 8:46 AM, 罗钰 wrote:

> Hi, all experts:    I find a suspect point in function of 
> sctp_process_a_data_chunk in all FreeBSD branches.for example:Line 1900 of 
> sctp_indata: (asoc->strmin[strmno].last_sequence_delivered + 1) == 
> strmseqThis is a logical judgement sentence.last_sequence_delivered is 
> unsigned short type, strmseq is also.there is a problem: if 
> last_sequence_delivered equal 0xffff, and the result of 
> last_sequence_delivered + 1 must be 0x10000, rather than 0x0000, and if 
> strmseq is also be 0x0, then this judgement will give you wrong value.
> so i think  put a (uint16_t) before this sentence will be more secure. so how 
> do you think?like this: 
> (uint16_t)(asoc->strmin[strmno].last_sequence_delivered + 1) == strmseqThanks 
> and i hope your response.
In head and FreeBSD 8.0 and 8.1 sctp_structs.h contains:
struct sctp_stream_in {
        struct sctp_readhead inqueue;
        uint16_t stream_no;
        uint16_t last_sequence_delivered;       /* used for re-order */
        uint8_t  delivery_started;
};

Furthermore sctp_process_a_data_chunk() contains:
        uint16_t strmno, strmseq;

So I do not think the problem "is in all branches". Can you be more specific,
which version your are talking about?

Best regards
Michael
> 
> 
> 
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
> 

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to