Hey all- I'm having a bit of trouble understanding the implementation of sctp_rcv_ootb. Specifically I'm wondering why we allow packets checked in sctp_rcv_ootb with malformed chunks into the receive queue. For instance, if a chunk in an ootb packet has a zero length, we break out of the loop and return 0, which lets us eventually call sctp_inq_push to put it on the receive queue, from which point on we seem to assume the chunk header length field is valid and correct. Am I missing something, or is this a bug? Thanks! Neil -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
