diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index 0146811dc2b2..249b9f253c65 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -1005,7 +1005,7 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset, int init_offset, initack_offset, i; int retval; int spec_flag = 0; - int how_indx; + uint32_t how_indx; /* I know that the TCB is non-NULL from the caller */ asoc = &stcb->asoc; @@ -1548,6 +1548,7 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, SCTPDBG(SCTP_DEBUG_INPUT1, "process_cookie_new: no room for another TCB!\n"); op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); + sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, sh, op_err, vrf_id, table_id); return (NULL); @@ -1574,9 +1575,11 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, * cookie was in flight. Only recourse is to abort the * association. */ + atomic_add_int(&stcb->asoc.refcnt, 1); op_err = sctp_generate_invmanparam(SCTP_CAUSE_OUT_OF_RESC); sctp_abort_association(inp, (struct sctp_tcb *)NULL, m, iphlen, sh, op_err, vrf_id, table_id); + atomic_add_int(&stcb->asoc.refcnt, -1); return (NULL); } /* process the INIT-ACK info (my info) */ @@ -1598,14 +1601,18 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, else retval = 0; if (retval < 0) { + atomic_add_int(&stcb->asoc.refcnt, 1); sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_16); + atomic_add_int(&stcb->asoc.refcnt, -1); return (NULL); } /* load all addresses */ if (sctp_load_addresses_from_init(stcb, m, iphlen, init_offset + sizeof(struct sctp_init_chunk), initack_offset, sh, init_src)) { + atomic_add_int(&stcb->asoc.refcnt, 1); sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_17); + atomic_add_int(&stcb->asoc.refcnt, -1); return (NULL); } /* @@ -1672,7 +1679,9 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset, memcpy(&sin6->sin6_addr, cookie->laddress, sizeof(sin6->sin6_addr)); } else { + atomic_add_int(&stcb->asoc.refcnt, 1); sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_INPUT + SCTP_LOC_19); + atomic_add_int(&stcb->asoc.refcnt, -1); return (NULL); } @@ -1769,27 +1778,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, iph = mtod(m, struct ip *); if (iph->ip_v == IPVERSION) { /* its IPv4 */ - struct sockaddr_in *sin; + struct sockaddr_in *lsin; - sin = (struct sockaddr_in *)(localep_sa); - memset(sin, 0, sizeof(*sin)); - sin->sin_family = AF_INET; - sin->sin_len = sizeof(*sin); - sin->sin_port = sh->dest_port; - sin->sin_addr.s_addr = iph->ip_dst.s_addr; + lsin = (struct sockaddr_in *)(localep_sa); + memset(lsin, 0, sizeof(*lsin)); + lsin->sin_family = AF_INET; + lsin->sin_len = sizeof(*lsin); + lsin->sin_port = sh->dest_port; + lsin->sin_addr.s_addr = iph->ip_dst.s_addr; size_of_pkt = SCTP_GET_IPV4_LENGTH(iph); } else if (iph->ip_v == (IPV6_VERSION >> 4)) { /* its IPv6 */ struct ip6_hdr *ip6; - struct sockaddr_in6 *sin6; + struct sockaddr_in6 *lsin6; - sin6 = (struct sockaddr_in6 *)(localep_sa); - memset(sin6, 0, sizeof(*sin6)); - sin6->sin6_family = AF_INET6; - sin6->sin6_len = sizeof(struct sockaddr_in6); + lsin6 = (struct sockaddr_in6 *)(localep_sa); + memset(lsin6, 0, sizeof(*lsin6)); + lsin6->sin6_family = AF_INET6; + lsin6->sin6_len = sizeof(struct sockaddr_in6); ip6 = mtod(m, struct ip6_hdr *); - sin6->sin6_port = sh->dest_port; - sin6->sin6_addr = ip6->ip6_dst; + lsin6->sin6_port = sh->dest_port; + lsin6->sin6_addr = ip6->ip6_dst; size_of_pkt = SCTP_GET_IPV6_LENGTH(ip6) + iphlen; } else { return (NULL); @@ -3406,7 +3415,7 @@ sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp, * whichever is less. */ incr = min((bw_avail - on_queue) >> 2, - (int)stcb->asoc.max_burst * (int)net->mtu); + stcb->asoc.max_burst * net->mtu); net->cwnd += incr; } if (net->cwnd > bw_avail) { @@ -3448,7 +3457,7 @@ __attribute__((noinline)) struct sctp_association *asoc; uint32_t vtag_in; int num_chunks = 0; /* number of control chunks processed */ - int chk_length; + uint32_t chk_length; int ret; int abort_no_unlock = 0; @@ -3647,8 +3656,8 @@ process_control_chunks: chk_length = ntohs(ch->chunk_length); SCTPDBG(SCTP_DEBUG_INPUT2, "sctp_process_control: processing a chunk type=%u, len=%u\n", ch->chunk_type, chk_length); - if ((size_t)chk_length < sizeof(*ch) || - (*offset + chk_length) > length) { + if (chk_length < sizeof(*ch) || + (*offset + (int)chk_length) > length) { *offset = length; if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); @@ -3698,7 +3707,7 @@ process_control_chunks: } } else { /* get a complete chunk... */ - if ((size_t)chk_length > sizeof(chunk_buf)) { + if (chk_length > sizeof(chunk_buf)) { struct mbuf *oper; struct sctp_paramhdr *phdr; @@ -3781,7 +3790,7 @@ process_control_chunks: } } if ((num_chunks > 1) || - (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) { + (sctp_strict_init && (length - *offset > (int)SCTP_SIZE32(chk_length)))) { *offset = length; if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); @@ -3833,7 +3842,7 @@ process_control_chunks: } } if ((num_chunks > 1) || - (sctp_strict_init && (length - *offset > SCTP_SIZE32(chk_length)))) { + (sctp_strict_init && (length - *offset > (int)SCTP_SIZE32(chk_length)))) { *offset = length; if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); @@ -4176,7 +4185,7 @@ process_control_chunks: SCTPDBG(SCTP_DEBUG_INPUT3, "SCTP_SHUTDOWN-COMPLETE, stcb %p\n", stcb); /* must be first and only chunk */ if ((num_chunks > 1) || - (length - *offset > SCTP_SIZE32(chk_length))) { + (length - *offset > (int)SCTP_SIZE32(chk_length))) { *offset = length; if (locked_tcb) { SCTP_TCB_UNLOCK(locked_tcb); diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index a8a506a03d62..3c0056c3ea5d 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -3057,7 +3057,7 @@ sctp_find_cmsg(int c_type, void *data, struct mbuf *control, int cpsize) return (0); } m_copydata(control, at, sizeof(cmh), (caddr_t)&cmh); - if ((cmh.cmsg_len + at) > tlen) { + if (((int)cmh.cmsg_len + at) > tlen) { /* * this is real messed up since there is not enough * data here to cover the cmsg header. We are done. @@ -3913,26 +3913,26 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb) } /* add authentication parameters */ if (!sctp_auth_disable) { - struct sctp_auth_random *random; + struct sctp_auth_random *randp; struct sctp_auth_hmac_algo *hmacs; struct sctp_auth_chunk_list *chunks; /* attach RANDOM parameter, if available */ if (stcb->asoc.authinfo.random != NULL) { - random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); - p_len = sizeof(*random) + stcb->asoc.authinfo.random_len; + randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); + p_len = sizeof(*randp) + stcb->asoc.authinfo.random_len; #ifdef SCTP_AUTH_DRAFT_04 - random->ph.param_type = htons(SCTP_RANDOM); - random->ph.param_length = htons(p_len); + randp->ph.param_type = htons(SCTP_RANDOM); + randp->ph.param_length = htons(p_len); bcopy(stcb->asoc.authinfo.random->key, - random->random_data, + randp->random_data, stcb->asoc.authinfo.random_len); #else /* random key already contains the header */ - bcopy(stcb->asoc.authinfo.random->key, random, p_len); + bcopy(stcb->asoc.authinfo.random->key, randp, p_len); #endif /* zero out any padding required */ - bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len); + bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); } /* add HMAC_ALGO parameter */ @@ -4003,8 +4003,6 @@ sctp_send_initiate(struct sctp_inpcb *inp, struct sctp_tcb *stcb) * though I think it is impossible :-> however we add * mp_last here just in case. */ - int ret; - ret = sctp_add_pad_tombuf(mp_last, (4 - padval)); if (ret) { /* Houston we have a problem, no space */ @@ -4926,20 +4924,20 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, } /* add authentication parameters */ if (!sctp_auth_disable) { - struct sctp_auth_random *random; + struct sctp_auth_random *randp; struct sctp_auth_hmac_algo *hmacs; struct sctp_auth_chunk_list *chunks; uint16_t random_len; /* generate and add RANDOM parameter */ random_len = SCTP_AUTH_RANDOM_SIZE_DEFAULT; - random = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); - random->ph.param_type = htons(SCTP_RANDOM); - p_len = sizeof(*random) + random_len; - random->ph.param_length = htons(p_len); - SCTP_READ_RANDOM(random->random_data, random_len); + randp = (struct sctp_auth_random *)(mtod(m, caddr_t)+SCTP_BUF_LEN(m)); + randp->ph.param_type = htons(SCTP_RANDOM); + p_len = sizeof(*randp) + random_len; + randp->ph.param_length = htons(p_len); + SCTP_READ_RANDOM(randp->random_data, random_len); /* zero out any padding required */ - bzero((caddr_t)random + p_len, SCTP_SIZE32(p_len) - p_len); + bzero((caddr_t)randp + p_len, SCTP_SIZE32(p_len) - p_len); SCTP_BUF_LEN(m) += SCTP_SIZE32(p_len); /* add HMAC_ALGO parameter */ @@ -5451,7 +5449,7 @@ error_out: appendchain = clonechain; } else { if (!copy_by_ref && - (sizeofcpy <= ((((sctp_mbuf_threshold_count - 1) * MLEN) + MHLEN))) + (sizeofcpy <= (int)((((sctp_mbuf_threshold_count - 1) * MLEN) + MHLEN))) ) { /* Its not in a cluster */ if (*endofchain == NULL) { @@ -6067,7 +6065,7 @@ sctp_clean_up_ctl(struct sctp_tcb *stcb, struct sctp_association *asoc) static __inline int sctp_can_we_split_this(struct sctp_tcb *stcb, struct sctp_stream_queue_pending *sp, - int goal_mtu, int frag_point, int eeor_on) + uint32_t goal_mtu, uint32_t frag_point, int eeor_on) { /* * Make a decision on if I should split a msg into multiple parts. @@ -6099,7 +6097,8 @@ sctp_can_we_split_this(struct sctp_tcb *stcb, return (goal_mtu); } } - if ((sp->length <= goal_mtu) || ((sp->length - goal_mtu) < sctp_min_residual)) { + if ((sp->length <= goal_mtu) || + ((sp->length - goal_mtu) < sctp_min_residual)) { /* Sub-optimial residual don't split in non-eeor mode. */ return (0); } @@ -6116,11 +6115,11 @@ sctp_can_we_split_this(struct sctp_tcb *stcb, } -static int +static uint32_t sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net, struct sctp_stream_out *strq, - int goal_mtu, - int frag_point, + uint32_t goal_mtu, + uint32_t frag_point, int *locked, int *giveup, int eeor_mode) @@ -6130,7 +6129,7 @@ sctp_move_to_outqueue(struct sctp_tcb *stcb, struct sctp_nets *net, struct sctp_stream_queue_pending *sp; struct sctp_tmit_chunk *chk; struct sctp_data_chunk *dchkh; - int to_move; + uint32_t to_move; uint8_t rcv_flags = 0; uint8_t some_taken; uint8_t send_lock_up = 0; @@ -6365,7 +6364,7 @@ out_gu: } else { atomic_subtract_int(&sp->length, to_move); } - if (M_LEADINGSPACE(chk->data) < sizeof(struct sctp_data_chunk)) { + if (M_LEADINGSPACE(chk->data) < (int)sizeof(struct sctp_data_chunk)) { /* Not enough room for a chunk header, get some */ struct mbuf *m; @@ -6385,12 +6384,12 @@ out_gu: sp->data = chk->data; sp->tail_mbuf = chk->last_mbuf; } else { - struct mbuf *m; + struct mbuf *m_tmp; /* reassemble the data */ - m = sp->data; + m_tmp = sp->data; sp->data = chk->data; - SCTP_BUF_NEXT(sp->data) = m; + SCTP_BUF_NEXT(sp->data) = m_tmp; } sp->some_taken = some_taken; atomic_add_int(&sp->length, to_move); @@ -10472,7 +10471,7 @@ sctp_copy_it_in(struct sctp_tcb *stcb, *error = 0; /* Unless E_EOR mode is on, we must make a send FIT in one call. */ if (((user_marks_eor == 0) && non_blocking) && - (uio->uio_resid > SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { + (uio->uio_resid > (int)SCTP_SB_LIMIT_SND(stcb->sctp_socket))) { /* It will NEVER fit */ *error = EMSGSIZE; goto out_now; @@ -10502,11 +10501,10 @@ sctp_copy_it_in(struct sctp_tcb *stcb, sp->stream = srcv->sinfo_stream; sp->length = min(uio->uio_resid, max_send_len); - if ((sp->length == uio->uio_resid) && + if ((sp->length == (uint32_t) uio->uio_resid) && ((user_marks_eor == 0) || (srcv->sinfo_flags & SCTP_EOF) || - (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR))) - ) { + (user_marks_eor && (srcv->sinfo_flags & SCTP_EOR)))) { sp->msg_is_complete = 1; } else { sp->msg_is_complete = 0; @@ -11048,7 +11046,7 @@ sctp_lower_sosend(struct socket *so, /* Are we aborting? */ if (srcv->sinfo_flags & SCTP_ABORT) { struct mbuf *mm; - int tot_demand, tot_out = 0, max; + int tot_demand, tot_out = 0, max_out; SCTP_STAT_INCR(sctps_sends_with_abort); if ((SCTP_GET_STATE(asoc) == SCTP_STATE_COOKIE_WAIT) || @@ -11084,10 +11082,10 @@ sctp_lower_sosend(struct socket *so, error = ENOMEM; goto out; } - max = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); - max -= sizeof(struct sctp_abort_msg); - if (tot_out > max) { - tot_out = max; + max_out = asoc->smallest_mtu - sizeof(struct sctp_paramhdr); + max_out -= sizeof(struct sctp_abort_msg); + if (tot_out > max_out) { + tot_out = max_out; } if (mm) { struct sctp_paramhdr *ph; @@ -11296,7 +11294,8 @@ sctp_lower_sosend(struct socket *so, max_len = 0; if ((max_len > sctp_add_more_threshold) || - (uio->uio_resid && (uio->uio_resid < max_len))) { + (uio->uio_resid && + (uio->uio_resid < (int)max_len))) { sndout = 0; new_tail = NULL; if (hold_tcblock) { diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index 70fed4c948ef..8b4943ad7efc 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -1550,7 +1550,7 @@ sctp_timeout_handler(void *t) break; case SCTP_TIMER_TYPE_HEARTBEAT: { - struct sctp_nets *net; + struct sctp_nets *lnet; int cnt_of_unconf = 0; if ((stcb == NULL) || (inp == NULL)) { @@ -1558,23 +1558,24 @@ sctp_timeout_handler(void *t) } SCTP_STAT_INCR(sctps_timoheartbeat); stcb->asoc.timoheartbeat++; - TAILQ_FOREACH(net, &stcb->asoc.nets, sctp_next) { - if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) && - (net->dest_state & SCTP_ADDR_REACHABLE)) { + TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) { + if ((lnet->dest_state & SCTP_ADDR_UNCONFIRMED) && + (lnet->dest_state & SCTP_ADDR_REACHABLE)) { cnt_of_unconf++; } } if (cnt_of_unconf == 0) { - if (sctp_heartbeat_timer(inp, stcb, net, cnt_of_unconf)) { + if (sctp_heartbeat_timer(inp, stcb, lnet, + cnt_of_unconf)) { /* no need to unlock on tcb its gone */ goto out_decr; } } #ifdef SCTP_AUDITING_ENABLED - sctp_auditing(4, inp, stcb, net); + sctp_auditing(4, inp, stcb, lnet); #endif - sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, stcb->sctp_ep, - stcb, net); + sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, + stcb->sctp_ep, stcb, lnet); sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_HB_TMR); } break; @@ -1897,7 +1898,6 @@ sctp_timer_start(int t_type, struct sctp_inpcb *inp, struct sctp_tcb *stcb, return; } if (net) { - struct sctp_nets *lnet; int delay; delay = stcb->asoc.heart_beat_delay; @@ -2347,11 +2347,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) /* * given a mbuf chain with a packetheader offset by 'offset' * pointing at a sctphdr (with csum set to 0) go through the chain - * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is - * currently Adler32 but will change to CRC32x soon. Also has a side - * bonus calculate the total length of the mbuf chain. Note: if - * offset is greater than the total mbuf length, checksum=1, - * pktlen=0 is returned (ie. no real error code) + * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also + * has a side bonus as it will calculate the total length of the + * mbuf chain. Note: if offset is greater than the total mbuf + * length, checksum=1, pktlen=0 is returned (ie. no real error code) */ if (pktlen == NULL) return (0); @@ -2369,11 +2368,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) /* * given a mbuf chain with a packetheader offset by 'offset' * pointing at a sctphdr (with csum set to 0) go through the chain - * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is - * currently Adler32 but will change to CRC32x soon. Also has a side - * bonus calculate the total length of the mbuf chain. Note: if - * offset is greater than the total mbuf length, checksum=1, - * pktlen=0 is returned (ie. no real error code) + * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also + * has a side bonus as it will calculate the total length of the + * mbuf chain. Note: if offset is greater than the total mbuf + * length, checksum=1, pktlen=0 is returned (ie. no real error code) */ int32_t tlen = 0; struct mbuf *at; @@ -2399,11 +2397,10 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) /* * given a mbuf chain with a packetheader offset by 'offset' * pointing at a sctphdr (with csum set to 0) go through the chain - * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This is - * currently Adler32 but will change to CRC32x soon. Also has a side - * bonus calculate the total length of the mbuf chain. Note: if - * offset is greater than the total mbuf length, checksum=1, - * pktlen=0 is returned (ie. no real error code) + * of SCTP_BUF_NEXT()'s and calculate the SCTP checksum. This also + * has a side bonus as it will calculate the total length of the + * mbuf chain. Note: if offset is greater than the total mbuf + * length, checksum=1, pktlen=0 is returned (ie. no real error code) */ int32_t tlen = 0; @@ -2413,7 +2410,7 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) #else uint32_t base = 0xffffffff; -#endif /* SCTP_USE_ADLER32 */ +#endif struct mbuf *at; at = m; @@ -2440,12 +2437,12 @@ sctp_calculate_sum(struct mbuf *m, int32_t * pktlen, uint32_t offset) (unsigned char *)(SCTP_BUF_AT(at, offset)), (unsigned int)(SCTP_BUF_LEN(at) - offset)); } -#endif /* SCTP_USE_ADLER32 */ +#endif tlen += SCTP_BUF_LEN(at) - offset; /* we only offset once into the first mbuf */ } if (offset) { - if (offset < SCTP_BUF_LEN(at)) + if (offset < (uint32_t) SCTP_BUF_LEN(at)) offset = 0; else offset -= SCTP_BUF_LEN(at); @@ -4483,7 +4480,7 @@ sctp_find_ifa_by_addr(struct sockaddr *addr, uint32_t vrf_id, int holds_lock) } static void -sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock, +sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t * freed_so_far, int hold_rlock, uint32_t rwnd_req) { /* User pulled some data, do we need a rwnd update? */ @@ -4498,8 +4495,7 @@ sctp_user_rcvd(struct sctp_tcb *stcb, int *freed_so_far, int hold_rlock, if (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED | - SCTP_STATE_SHUTDOWN_ACK_SENT) - ) { + SCTP_STATE_SHUTDOWN_ACK_SENT)) { /* Pre-check If we are freeing no update */ goto no_lock; } @@ -4613,7 +4609,7 @@ sctp_sorecvmsg(struct socket *so, int freecnt_applied = 0; int out_flags = 0, in_flags = 0; int block_allowed = 1; - int freed_so_far = 0; + uint32_t freed_so_far = 0; int copied_so_far = 0; int in_eeor_mode = 0; int no_rcv_needed = 0; @@ -4622,7 +4618,7 @@ sctp_sorecvmsg(struct socket *so, int hold_rlock = 0; int alen = 0; int slen = 0; - int held_length = 0; + uint32_t held_length = 0; int sockbuf_lock = 0; if (uio == NULL) { @@ -4844,17 +4840,17 @@ restart_nosblocks: control->held_length = 0; if (control->data) { /* Hmm there is data here .. fix */ - struct mbuf *m; + struct mbuf *m_tmp; int cnt = 0; - m = control->data; - while (m) { - cnt += SCTP_BUF_LEN(m); - if (SCTP_BUF_NEXT(m) == NULL) { - control->tail_mbuf = m; + m_tmp = control->data; + while (m_tmp) { + cnt += SCTP_BUF_LEN(m_tmp); + if (SCTP_BUF_NEXT(m_tmp) == NULL) { + control->tail_mbuf = m_tmp; control->end_added = 1; } - m = SCTP_BUF_NEXT(m); + m_tmp = SCTP_BUF_NEXT(m_tmp); } control->length = cnt; } else { @@ -5814,7 +5810,7 @@ sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, sa = addr; *error = *num_v6 = *num_v4 = 0; /* account and validate addresses */ - for (i = 0; i < *totaddr; i++) { + for (i = 0; i < (size_t)*totaddr; i++) { if (sa->sa_family == AF_INET) { (*num_v4) += 1; incr = sizeof(struct sockaddr_in); @@ -5853,7 +5849,7 @@ sctp_connectx_helper_find(struct sctp_inpcb *inp, struct sockaddr *addr, } else { SCTP_INP_DECR_REF(inp); } - if ((at + incr) > limit) { + if ((at + incr) > (size_t)limit) { *totaddr = i; break; }