Fix a bug in deferred stream reset processing which results
in using a length field before it is set. Thanks to Taylor Brandstetter for reporting the issue and providing a fix. MFC after: 3 days
This commit is contained in:
parent
e90bb68be6
commit
0ee5c319f2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=303073
@ -11940,7 +11940,6 @@ sctp_send_deferred_reset_response(struct sctp_tcb *stcb,
|
||||
return;
|
||||
}
|
||||
SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
|
||||
sctp_add_stream_reset_result(chk, ent->seq, response);
|
||||
/* setup chunk parameters */
|
||||
chk->sent = SCTP_DATAGRAM_UNSENT;
|
||||
chk->snd_count = 0;
|
||||
@ -11955,6 +11954,7 @@ sctp_send_deferred_reset_response(struct sctp_tcb *stcb,
|
||||
ch->chunk_length = htons(chk->book_size);
|
||||
atomic_add_int(&chk->whoTo->ref_count, 1);
|
||||
SCTP_BUF_LEN(chk->data) = chk->send_size;
|
||||
sctp_add_stream_reset_result(chk, ent->seq, response);
|
||||
/* insert the chunk for sending */
|
||||
TAILQ_INSERT_TAIL(&asoc->control_send_queue,
|
||||
chk,
|
||||
|
Loading…
Reference in New Issue
Block a user