Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 12 Oct 2014 17:42:33 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r273001 - stable/10/sys/netinet
Message-ID:  <201410121742.s9CHgXcU077295@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Sun Oct 12 17:42:32 2014
New Revision: 273001
URL: https://svnweb.freebsd.org/changeset/base/273001

Log:
  MFC r272751:
  Ensure that the list of streams sent in a stream reset parameter fits
  in an mbuf-cluster.
  Thanks to Peter Bostroem for drawing my attention to this part of the code.

Modified:
  stable/10/sys/netinet/sctp_output.c
  stable/10/sys/netinet/sctp_output.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/netinet/sctp_output.c
==============================================================================
--- stable/10/sys/netinet/sctp_output.c	Sun Oct 12 17:39:37 2014	(r273000)
+++ stable/10/sys/netinet/sctp_output.c	Sun Oct 12 17:42:32 2014	(r273001)
@@ -11846,7 +11846,7 @@ sctp_add_an_in_stream(struct sctp_tmit_c
 
 int
 sctp_send_str_reset_req(struct sctp_tcb *stcb,
-    int number_entries, uint16_t * list,
+    uint16_t number_entries, uint16_t * list,
     uint8_t send_out_req,
     uint8_t send_in_req,
     uint8_t send_tsn_req,
@@ -11879,6 +11879,14 @@ sctp_send_str_reset_req(struct sctp_tcb 
 		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, EINVAL);
 		return (EINVAL);
 	}
+	if (number_entries > (MCLBYTES -
+	    SCTP_MIN_OVERHEAD -
+	    sizeof(struct sctp_chunkhdr) -
+	    sizeof(struct sctp_stream_reset_out_request)) /
+	    sizeof(uint16_t)) {
+		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);
+		return (ENOMEM);
+	}
 	sctp_alloc_a_chunk(stcb, chk);
 	if (chk == NULL) {
 		SCTP_LTRACE_ERR_RET(NULL, stcb, NULL, SCTP_FROM_SCTP_OUTPUT, ENOMEM);

Modified: stable/10/sys/netinet/sctp_output.h
==============================================================================
--- stable/10/sys/netinet/sctp_output.h	Sun Oct 12 17:39:37 2014	(r273000)
+++ stable/10/sys/netinet/sctp_output.h	Sun Oct 12 17:42:32 2014	(r273001)
@@ -181,8 +181,8 @@ sctp_add_stream_reset_result_tsn(struct 
     uint32_t, uint32_t, uint32_t, uint32_t);
 
 int
-sctp_send_str_reset_req(struct sctp_tcb *, int, uint16_t *, uint8_t, uint8_t,
-    uint8_t, uint8_t, uint16_t, uint16_t, uint8_t);
+sctp_send_str_reset_req(struct sctp_tcb *, uint16_t, uint16_t *, uint8_t,
+    uint8_t, uint8_t, uint8_t, uint16_t, uint16_t, uint8_t);
 
 void
 sctp_send_abort(struct mbuf *, int, struct sockaddr *, struct sockaddr *,

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410121742.s9CHgXcU077295>