X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?p=pandora-kernel.git;a=blobdiff_plain;f=net%2Fsctp%2Fsm_statefuns.c;h=6b22d6a2dd63b45bc304762e2d2a29768562cdf1;hp=4e0a9b934233ba1edbd109c0bd04cf111f404ab7;hb=ba43cdd87d0aaed69ef1bb14a91c3e767a4c210f;hpb=0c91f32dc1bd2db0e6eef8404811fdb4c78afd2d

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 4e0a9b934233..6b22d6a2dd63 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -3354,6 +3354,12 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
 			return sctp_sf_violation_chunklen(ep, asoc, type, arg,
 						  commands);
 
+		/* Report violation if chunk len overflows */
+		ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
+		if (ch_end > skb_tail_pointer(skb))
+			return sctp_sf_violation_chunklen(ep, asoc, type, arg,
+						  commands);
+
 		/* Now that we know we at least have a chunk header,
 		 * do things that are type appropriate.
 		 */
@@ -3385,12 +3391,6 @@ sctp_disposition_t sctp_sf_ootb(const struct sctp_endpoint *ep,
 			}
 		}
 
-		/* Report violation if chunk len overflows */
-		ch_end = ((__u8 *)ch) + WORD_ROUND(ntohs(ch->length));
-		if (ch_end > skb_tail_pointer(skb))
-			return sctp_sf_violation_chunklen(ep, asoc, type, arg,
-						  commands);
-
 		ch = (sctp_chunkhdr_t *) ch_end;
 	} while (ch_end < skb_tail_pointer(skb));