d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a signed/unsigned bug when receiving SCTP messages.

Browse Source 
This is joint work with rrs@.

Reported by:		syzbot+6b8a4bc8cc828e9d9790@syzkaller.appspotmail.com
MFC after:		1 week
This commit is contained in:
Michael Tuexen 2019-03-24 09:46:16 +00:00
parent 91dfbef4aa
commit 0d3cf13dab
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/netinet/sctputil.c
View File

@ -5219,8 +5219,9 @@ sctp_sorecvmsg(struct socket *so,
*
*/
struct sctp_inpcb *inp = NULL;
int my_len = 0;
int cp_len = 0, error = 0;
size_t my_len = 0;
size_t cp_len = 0;
int error = 0;
struct sctp_queued_to_read *control = NULL, *ctl = NULL, *nxt = NULL;
struct mbuf *m = NULL;
struct sctp_tcb *stcb = NULL;
@ -5728,8 +5729,8 @@ get_more_data:
m = control->data;
while (m) {
/* Move out all we can */
cp_len = (int)uio->uio_resid;
my_len = (int)SCTP_BUF_LEN(m);
cp_len = uio->uio_resid;
my_len = SCTP_BUF_LEN(m);
if (cp_len > my_len) {
/* not enough in this buf */
cp_len = my_len;