From 7644c6e1f81428ca00a386d9a988175b5a60bb83 Mon Sep 17 00:00:00 2001
From: Aomx <julian.cordes@gmail.com>
Date: Thu, 26 Nov 2015 19:56:31 +0100
Subject: [PATCH] fix for issue 77

---
 gtests/net/packetdrill/run_packet.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gtests/net/packetdrill/run_packet.c b/gtests/net/packetdrill/run_packet.c
index a87fe2c1..51286489 100644
--- a/gtests/net/packetdrill/run_packet.c
+++ b/gtests/net/packetdrill/run_packet.c
@@ -569,6 +569,10 @@ static int map_inbound_icmp_packet(
 	return STATUS_ERR;
 }
 
+static inline bool is_valid_sack_length(struct sctp_sack_chunk *sack) {
+	return sack->length == 16+2*sack->nr_gap_blocks+4*sack->nr_dup_tsns;
+}
+
 static int map_inbound_sctp_packet(
 	struct socket *socket, struct packet *live_packet, char **error)
 {
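Review bot: is_valid_sack_length() compares the on-wire fields without byte-order conversion, while the caller in the second hunk reads the same counts through ntohs(); on a little-endian host the equality would then fail for essentially every SACK, and the dup-TSN remapping would be skipped. The gap-block factor of 2 also looks inconsistent with the loop, which indexes `sack->block[i + nr_gap_blocks].tsn` as if a gap block and a 32-bit TSN occupy the same slot, so 4 bytes per gap block seems intended (confirm against the struct definition, which is outside the hunk). Suggested line: `return ntohs(sack->length) == 16 + 4 * ntohs(sack->nr_gap_blocks) + 4 * ntohs(sack->nr_dup_tsns);`. A short comment stating what the constant 16 covers, and `const` on the pointer parameter, would make the helper easier to audit. The check only ties the length field to the counts; whether the chunk length is also bounded by the bytes actually captured is not visible here.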
@@ -635,9 +639,13 @@ static int map_inbound_sctp_packet(
 			DEBUGP("New SACK cum TSN %d\n", ntohl(sack->cum_tsn));
 			nr_gap_blocks = ntohs(sack->nr_gap_blocks);
 			nr_dup_tsns = ntohs(sack->nr_dup_tsns);
-			for (i = 0; i < nr_dup_tsns; i++) {
-				sack->block[i + nr_gap_blocks].tsn = htonl(ntohl(sack->block[i + nr_gap_blocks].tsn) + local_diff);
+
+			if (is_valid_sack_length(sack)) {
+				for (i = 0; i < nr_dup_tsns; i++) {
+					sack->block[i + nr_gap_blocks].tsn = htonl(ntohl(sack->block[i + nr_gap_blocks].tsn) + local_diff);
+				}
 			}
+
 			break;
 		case SCTP_ABORT_CHUNK_TYPE:
 			abort = (struct sctp_abort_chunk *)chunk;
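Review bot: When is_valid_sack_length() rejects the chunk, the new branch reaches `break` silently, so a malformed SACK is processed with its duplicate TSNs left unmapped and nothing tells the test author why. At minimum log it, e.g. `} else { DEBUGP("SACK length does not match block counts, dup TSNs not remapped\n"); }`. Since the function takes `char **error`, returning a failure may be the better contract, but the error path of map_inbound_sctp_packet lies outside this hunk. The helper also re-reads the counts from the chunk although `nr_gap_blocks` and `nr_dup_tsns` are already converted just above; passing those in would keep the check and the loop bound on the same values.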
-- 
GitLab