From 00ab510c7cabe5ff0ee618e3e6b7f48fdf9cdbfa Mon Sep 17 00:00:00 2001
From: rrs <rrs@FreeBSD.org>
Date: Wed, 30 May 2007 17:39:45 +0000
Subject: -  Fix a memory overwrite when the mapping array    is expanded, size
 of expansion was not taken int consideration. -  Fix so vtag hash is 1 bigger
 so that it modulo's out    correctly, avoids a panic when restart with right
 modulo happens. -  do not dereference stcb when control->do_not_ref_stcb is
 set -  Fix up packet logging to not often use a lock and also to    add to
 options. -  Fix some logging option duplication in the sctputil.h

---
 sys/netinet/sctp_input.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sys/netinet/sctp_input.c')

diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c
index bf4b292..0146811 100644
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@@ -1377,9 +1377,10 @@ sctp_process_cookie_existing(struct mbuf *m, int iphlen, int offset,
 		asoc->str_reset_seq_in = asoc->init_seq_number;
 
 		asoc->advanced_peer_ack_point = asoc->last_acked_seq;
-		if (asoc->mapping_array)
+		if (asoc->mapping_array) {
 			memset(asoc->mapping_array, 0,
 			    asoc->mapping_array_size);
+		}
 		SCTP_TCB_UNLOCK(stcb);
 		SCTP_INP_INFO_WLOCK();
 		SCTP_INP_WLOCK(stcb->sctp_ep);
-- 
cgit v1.1