author | tuexen <tuexen@FreeBSD.org> | 2015-03-24 15:05:36 +0000 |
---|---|---|
committer | tuexen <tuexen@FreeBSD.org> | 2015-03-24 15:05:36 +0000 |
commit | dd7a50a918693df49f5ca381fe0709f36f5707f6 (patch) | |
tree | f8f1f0b975358b0d266a402e7ab7252ebb42cbf7 | |
parent | 8a1215fa1551039dc08fef9d7bc0a892645f7eed (diff) | |
download | FreeBSD-src-dd7a50a918693df49f5ca381fe0709f36f5707f6.zip FreeBSD-src-dd7a50a918693df49f5ca381fe0709f36f5707f6.tar.gz |
Fix the bug in the handling of fragmented abandoned SCTP user messages reported in
https://code.google.com/p/sctp-refimpl/issues/detail?id=11
Thanks to Lally Singh for reporting it.
MFC after: 3 days
-rw-r--r-- | sys/netinet/sctp_indata.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/sctp_indata.c b/sys/netinet/sctp_indata.c
index 5a70615..ea3d3e7 100644
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@@ -2597,12 +2597,14 @@ sctp_process_segment_range(struct sctp_tcb *stcb, struct sctp_tmit_chunk **p_tp1
 * cumack trackers for first transmissions,
 * and retransmissions.
 */
- if ((tp1->whoTo->find_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
+ if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
+ (tp1->whoTo->find_pseudo_cumack == 1) &&
 (tp1->snd_count == 1)) {
 tp1->whoTo->pseudo_cumack = tp1->rec.data.TSN_seq;
 tp1->whoTo->find_pseudo_cumack = 0;
 }
- if ((tp1->whoTo->find_rtx_pseudo_cumack == 1) && (tp1->sent < SCTP_DATAGRAM_RESEND) &&
+ if ((tp1->sent < SCTP_DATAGRAM_RESEND) &&
+ (tp1->whoTo->find_rtx_pseudo_cumack == 1) &&
 (tp1->snd_count > 1)) {
 tp1->whoTo->rtx_pseudo_cumack = tp1->rec.data.TSN_seq;
 tp1->whoTo->find_rtx_pseudo_cumack = 0;
@@ -3512,7 +3514,7 @@ sctp_window_probe_recovery(struct sctp_tcb *stcb,
 if ((tp1->sent >= SCTP_DATAGRAM_ACKED) || (tp1->data == NULL)) {
 /* TSN's skipped we do NOT move back. */
 sctp_misc_ints(SCTP_FLIGHT_LOG_DWN_WP_FWD,
- tp1->whoTo->flight_size,
+ tp1->whoTo ? tp1->whoTo->flight_size : 0,
 tp1->book_size,
 (uintptr_t) tp1->whoTo,
 tp1->rec.data.TSN_seq);
 |
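Review bot: The two reordered `if` conditions in sctp_process_segment_range now depend on `&&` short-circuiting so that `tp1->whoTo` is dereferenced only when `tp1->sent < SCTP_DATAGRAM_RESEND`, yet nothing in the code records that the order matters. Presumably `whoTo` can be NULL for abandoned chunks (the NULL test added in the second hunk suggests so), and this code appears to run while processing acknowledgement ranges supplied by the peer, so a later cleanup that reorders the tests would reintroduce a kernel NULL dereference. I would add a comment above the first test, such as `/* Test tp1->sent first: tp1->whoTo may be NULL for abandoned chunks. */`, or make the dependency explicit with `(tp1->whoTo != NULL) &&` in both conditions. The function starts and ends outside the hunk, so its other uses of `whoTo` cannot be checked from here.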
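Review bot: The NULL test added to the `sctp_misc_ints()` argument relies on pointer truthiness, `tp1->whoTo ? ... : 0`, while the `if` at the top of the same hunk spells its test out as `(tp1->data == NULL)`. Writing it as `tp1->whoTo != NULL ? tp1->whoTo->flight_size : 0,` would match. A logged 0 also cannot be told apart from a flight that is really empty, although the `(uintptr_t) tp1->whoTo` argument that follows does expose the NULL. sctp_window_probe_recovery continues outside the hunk, so whether the rest of the function dereferences `tp1->whoTo` on this path is not visible here.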