From cb9fb7b2cbe0b378c35621b0c03068a2efad7df1 Mon Sep 17 00:00:00 2001 From: Michael Tuexen Date: Tue, 5 May 2020 19:54:30 +0000 Subject: [PATCH] Avoid underflowing a variable, which would result in taking more data from the stream queues then needed. Thanks to Timo Voelker for finding this bug and providing a fix. MFC after: 3 days --- sys/netinet/sctp_output.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index c30ce79f5327..bd737eba020c 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -7763,7 +7763,11 @@ sctp_fill_outqueue(struct sctp_tcb *stcb, } strq = stcb->asoc.ss_functions.sctp_ss_select_stream(stcb, net, asoc); total_moved += moved; - space_left -= moved; + if (space_left >= moved) { + space_left -= moved; + } else { + space_left = 0; + } if (space_left >= SCTP_DATA_CHUNK_OVERHEAD(stcb)) { space_left -= SCTP_DATA_CHUNK_OVERHEAD(stcb); } else {