Fix a bug in deferred stream reset processing which results

in using a length field before it is set. Thanks to Taylor Brandstetter for reporting the issue and providing a fix. MFC after: 3 days
svn path=/head/; revision=303073
2016-07-20 06:29:26 +00:00 · 2016-07-20 06:29:26 +00:00 · 0ee5c319f2 · 2020-12-20 02:59:44 +00:00
commit 0ee5c319f2
parent e90bb68be6
1 changed files with 1 additions and 1 deletions
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@ -11940,7 +11940,6 @@ sctp_send_deferred_reset_response(struct sctp_tcb *stcb,
 		return;
 	}
 	SCTP_BUF_RESV_UF(chk->data, SCTP_MIN_OVERHEAD);
-	sctp_add_stream_reset_result(chk, ent->seq, response);
 	/* setup chunk parameters */
 	chk->sent = SCTP_DATAGRAM_UNSENT;
 	chk->snd_count = 0;
@ -11955,6 +11954,7 @@ sctp_send_deferred_reset_response(struct sctp_tcb *stcb,
 	ch->chunk_length = htons(chk->book_size);
 	atomic_add_int(&chk->whoTo->ref_count, 1);
 	SCTP_BUF_LEN(chk->data) = chk->send_size;
+	sctp_add_stream_reset_result(chk, ent->seq, response);
 	/* insert the chunk for sending */
 	TAILQ_INSERT_TAIL(&asoc->control_send_queue,
 	    chk,