On Dec 15, 2010, at 8:46 AM, 罗钰 wrote:
> Hi, all experts: I find a suspect point in function of
> sctp_process_a_data_chunk in all FreeBSD branches.for example:Line 1900 of
> sctp_indata: (asoc->strmin[strmno].last_sequence_delivered + 1) ==
> strmseqThis is a logical judgement sentence.last_sequence_delivered is
> unsigned short type, strmseq is also.there is a problem: if
> last_sequence_delivered equal 0xffff, and the result of
> last_sequence_delivered + 1 must be 0x10000, rather than 0x0000, and if
> strmseq is also be 0x0, then this judgement will give you wrong value.
> so i think put a (uint16_t) before this sentence will be more secure. so how
> do you think?like this:
> (uint16_t)(asoc->strmin[strmno].last_sequence_delivered + 1) == strmseqThanks
> and i hope your response.
In head and FreeBSD 8.0 and 8.1 sctp_structs.h contains:
struct sctp_stream_in {
struct sctp_readhead inqueue;
uint16_t stream_no;
uint16_t last_sequence_delivered; /* used for re-order */
uint8_t delivery_started;
};
Furthermore sctp_process_a_data_chunk() contains:
uint16_t strmno, strmseq;
So I do not think the problem "is in all branches". Can you be more specific,
which version your are talking about?
Best regards
Michael
>
>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
