authorMichael Tuexen <tuexen@fh-muenster.de>2024-05-09 18:42:24 +0200
committerMichael Tuexen <tuexen@fh-muenster.de>2024-05-09 18:42:24 +0200
commit45cf3ba8c4adc67a9fb4a192ec6f1f761fc7b677 (patch)
tree39e54ab33be1a01c23734fc8849ce42a5376efea
parentafc561fada4237040f0ee41a8895dc1c21ad72df (diff)
Fix Coverity issues and minor cleanups
-rwxr-xr-xusrsctplib/netinet/sctp_indata.c34
-rwxr-xr-xusrsctplib/netinet/sctp_input.c6
-rwxr-xr-xusrsctplib/netinet/sctp_output.c55
-rwxr-xr-xusrsctplib/netinet/sctp_usrreq.c4
4 files changed, 50 insertions, 49 deletions
diff --git a/usrsctplib/netinet/sctp_indata.c b/usrsctplib/netinet/sctp_indata.c
index 91980d3..3982c35 100755
--- a/usrsctplib/netinet/sctp_indata.c
+++ b/usrsctplib/netinet/sctp_indata.c
@@ -1375,7 +1375,7 @@ out:
/*
* Dump onto the re-assembly queue, in its proper place. After dumping on the
- * queue, see if anthing can be delivered. If so pull it off (or as much as
+ * queue, see if anything can be delivered. If so pull it off (or as much as
* we can. If we run out of space then we must dump what we can and set the
* appropriate flag to say we queued what we could.
*/
@@ -5308,13 +5308,17 @@ sctp_update_acked(struct sctp_tcb *stcb, struct sctp_shutdown_chunk *cp, int *ab
static void
sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
- struct sctp_stream_in *strmin)
+ struct sctp_stream_in *strmin)
{
struct sctp_queued_to_read *control, *ncontrol;
struct sctp_association *asoc;
uint32_t mid;
int need_reasm_check = 0;
+ KASSERT(stcb != NULL, ("stcb == NULL"));
+ SCTP_TCB_LOCK_ASSERT(stcb);
+ SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);
+
asoc = &stcb->asoc;
mid = strmin->last_mid_delivered;
/*
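Review bot: The three assertions added at the top of sctp_kick_prsctp_reorder_queue() encode a calling contract (stcb non-NULL, TCB lock and endpoint read lock held) that no comment states, and `strmin`, which is dereferenced two lines later, gets no matching check. If these macros expand to nothing in non-debug builds, which is common for KASSERT-style macros but is not visible on this page, the contract is enforced only in debug builds, so a header comment such as `/* Caller must hold the TCB lock and the INP read lock. */` would keep it visible to callers. The same applies to the assertions added to sctp_flush_reassm_for_str_seq() in a later hunk of this file, where they also land between the explanatory block comment and the `if` it describes; placing them directly after the declarations would keep comment and code together. Both function bodies continue outside their hunks.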
@@ -5352,11 +5356,9 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
/* deliver it to at least the delivery-q */
if (stcb->sctp_socket) {
sctp_mark_non_revokable(asoc, control->sinfo_tsn);
- sctp_add_to_readq(stcb->sctp_ep, stcb,
- control,
- &stcb->sctp_socket->so_rcv,
- 1, SCTP_READ_LOCK_HELD,
- SCTP_SO_NOT_LOCKED);
+ sctp_add_to_readq(stcb->sctp_ep, stcb, control,
+ &stcb->sctp_socket->so_rcv, 1,
+ SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
}
} else {
/* Its a fragmented message */
@@ -5422,10 +5424,9 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
strmin->last_mid_delivered = control->mid;
if (stcb->sctp_socket) {
sctp_mark_non_revokable(asoc, control->sinfo_tsn);
- sctp_add_to_readq(stcb->sctp_ep, stcb,
- control,
- &stcb->sctp_socket->so_rcv, 1,
- SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
+ sctp_add_to_readq(stcb->sctp_ep, stcb, control,
+ &stcb->sctp_socket->so_rcv, 1,
+ SCTP_READ_LOCK_HELD, SCTP_SO_NOT_LOCKED);
}
mid = strmin->last_mid_delivered + 1;
} else {
@@ -5448,8 +5449,8 @@ sctp_kick_prsctp_reorder_queue(struct sctp_tcb *stcb,
static void
sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
- struct sctp_association *asoc, struct sctp_stream_in *strm,
- struct sctp_queued_to_read *control, int ordered, uint32_t cumtsn)
+ struct sctp_association *asoc, struct sctp_stream_in *strm,
+ struct sctp_queued_to_read *control, int ordered, uint32_t cumtsn)
{
struct sctp_tmit_chunk *chk, *nchk;
@@ -5461,6 +5462,11 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
* delivery function... to see if it can be delivered... But
* for now we just dump everything on the queue.
*/
+
+ KASSERT(stcb != NULL, ("stcb == NULL"));
+ SCTP_TCB_LOCK_ASSERT(stcb);
+ SCTP_INP_READ_LOCK_ASSERT(stcb->sctp_ep);
+
if (!asoc->idata_supported && !ordered &&
control->first_frag_seen &&
SCTP_TSN_GT(control->fsn_included, cumtsn)) {
@@ -5501,7 +5507,7 @@ sctp_flush_reassm_for_str_seq(struct sctp_tcb *stcb,
if (chk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
TAILQ_REMOVE(&control->reasm, chk, sctp_next);
sctp_add_chk_to_control(control, strm, stcb, asoc,
- chk, SCTP_READ_LOCK_HELD);
+ chk, SCTP_READ_LOCK_HELD);
}
sctp_deliver_reasm_check(stcb, asoc, strm, SCTP_READ_LOCK_HELD);
return;
diff --git a/usrsctplib/netinet/sctp_input.c b/usrsctplib/netinet/sctp_input.c
index 3b134c4..a7f7afc 100755
--- a/usrsctplib/netinet/sctp_input.c
+++ b/usrsctplib/netinet/sctp_input.c
@@ -4624,6 +4624,8 @@ sctp_handle_packet_dropped(struct sctp_pktdrop_chunk *cp,
SCTP_STAT_INCR(sctps_pdrpmbda);
}
} else {
+ desc.tsn_ifany = htonl(0);
+ memset(desc.data_bytes, 0, SCTP_NUM_DB_TO_VERIFY);
if (pktdrp_flags & SCTP_FROM_MIDDLE_BOX) {
SCTP_STAT_INCR(sctps_pdrpmbct);
}
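Review bot: The new `memset` in the else branch takes its length from `SCTP_NUM_DB_TO_VERIFY` rather than from the destination, so it stays correct only while `desc.data_bytes` is declared with exactly that length. `memset(desc.data_bytes, 0, sizeof(desc.data_bytes));` ties the length to the field, assuming `data_bytes` is an array and not a pointer (its declaration is outside the hunk). Since the change presumably exists to stop `desc` being read with indeterminate contents, it is worth confirming that every other member of `desc` is assigned on both branches, or zero-initialising the whole structure once at its declaration. The enclosing function continues outside this hunk.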
@@ -5934,7 +5936,6 @@ cksum_validated:
if ((stcb != NULL) &&
((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
(stcb->sctp_socket != NULL)) {
- ACCEPT_LOCK();
if (stcb->sctp_socket->so_head != NULL) {
upcall_socket = stcb->sctp_socket->so_head;
} else {
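Review bot: With `ACCEPT_LOCK()` removed, `stcb->sctp_socket->so_head` is read and the chosen `upcall_socket` is used before `SOCK_LOCK(upcall_socket)` is taken, so nothing visible in this hunk keeps the listening socket alive between the read and `soref()`. If a lock already held at this point guarantees that, a comment naming it would help, e.g. `/* so_head is stable here because <lock> is held */`; otherwise the window before `soref()` is a potential use-after-free against a concurrent close. The same removal is repeated in the next three hunks of this file (the matching `ACCEPT_UNLOCK()` and the second lookup further down), and the point applies there as well. The enclosing `#if` block starts outside the hunk.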
@@ -5943,7 +5944,6 @@ cksum_validated:
SOCK_LOCK(upcall_socket);
soref(upcall_socket);
SOCK_UNLOCK(upcall_socket);
- ACCEPT_UNLOCK();
}
#endif
if (IS_SCTP_CONTROL(ch)) {
@@ -6039,7 +6039,6 @@ cksum_validated:
if ((upcall_socket == NULL) &&
((stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) &&
(stcb->sctp_socket != NULL)) {
- ACCEPT_LOCK();
if (stcb->sctp_socket->so_head != NULL) {
upcall_socket = stcb->sctp_socket->so_head;
} else {
@@ -6048,7 +6047,6 @@ cksum_validated:
SOCK_LOCK(upcall_socket);
soref(upcall_socket);
SOCK_UNLOCK(upcall_socket);
- ACCEPT_UNLOCK();
}
#endif
diff --git a/usrsctplib/netinet/sctp_output.c b/usrsctplib/netinet/sctp_output.c
index b8a7b46..2bb8007 100755
--- a/usrsctplib/netinet/sctp_output.c
+++ b/usrsctplib/netinet/sctp_output.c
@@ -7278,7 +7278,9 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct sctp_tcb *stcb, void *ptr,
} else {
m = sctp_get_mbuf_for_msg(sizeof(struct sctp_paramhdr),
0, M_NOWAIT, 1, MT_DATA);
- SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr);
+ if (m != NULL) {
+ SCTP_BUF_LEN(m) = sizeof(struct sctp_paramhdr);
+ }
}
if (m != NULL) {
struct sctp_paramhdr *ph;
@@ -7475,18 +7477,28 @@ static int
sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
struct sctp_nonpad_sndrcvinfo *srcv)
{
- int ret;
struct sctp_copy_all *ca;
+ struct mbuf *mat;
+ ssize_t sndlen;
+ int ret;
+ if (uio != NULL) {
#if defined(__APPLE__) && !defined(__Userspace__)
#if defined(APPLE_LEOPARD)
- if (uio->uio_resid > SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio->uio_resid;
#else
- if (uio_resid(uio) > SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio_resid(uio);
#endif
#else
- if (uio->uio_resid > (ssize_t)SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
+ sndlen = uio->uio_resid;
#endif
+ } else {
+ sndlen = 0;
+ for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) {
+ sndlen += SCTP_BUF_LEN(mat);
+ }
+ }
+ if (sndlen > (ssize_t)SCTP_BASE_SYSCTL(sctp_sendall_limit)) {
/* You must not be larger than the limit! */
return (EMSGSIZE);
}
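Review bot: The size limit now also applies when `uio` is NULL and the data arrives as the mbuf chain `m`, and on that path the early `return (EMSGSIZE);` leaves `m` untouched. If sctp_sendall() is expected to consume `m` on failure, the chain would leak each time the limit is exceeded, and the return should be preceded by `sctp_m_freem(m);`. The allocation-failure path just below is not fully visible here, so this needs checking against it and against the callers. A one-line comment above the `sndlen` computation, saying the length comes from `uio` when present and from the mbuf chain otherwise, would also make the two input modes explicit. The function body continues outside this hunk.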
@@ -7498,12 +7510,10 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
return (ENOMEM);
}
memset(ca, 0, sizeof(struct sctp_copy_all));
-
ca->inp = inp;
if (srcv != NULL) {
memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
}
-
/* Serialize. */
SCTP_INP_WLOCK(inp);
if ((inp->sctp_flags & SCTP_PCB_FLAGS_SND_ITERATOR_UP) != 0) {
@@ -7514,23 +7524,14 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
}
inp->sctp_flags |= SCTP_PCB_FLAGS_SND_ITERATOR_UP;
SCTP_INP_WUNLOCK(inp);
-
/*
* take off the sendall flag, it would be bad if we failed to do
* this :-0
*/
ca->sndrcv.sinfo_flags &= ~SCTP_SENDALL;
/* get length and mbuf chain */
- if (uio) {
-#if defined(__APPLE__) && !defined(__Userspace__)
-#if defined(APPLE_LEOPARD)
- ca->sndlen = uio->uio_resid;
-#else
- ca->sndlen = uio_resid(uio);
-#endif
-#else
- ca->sndlen = uio->uio_resid;
-#endif
+ ca->sndlen = sndlen;
+ if (uio != NULL) {
#if defined(__APPLE__) && !defined(__Userspace__)
SCTP_SOCKET_UNLOCK(SCTP_INP_SO(inp), 0);
#endif
@@ -7548,20 +7549,14 @@ sctp_sendall(struct sctp_inpcb *inp, struct uio *uio, struct mbuf *m,
return (ENOMEM);
}
} else {
- /* Gather the length of the send */
- struct mbuf *mat;
-
- ca->sndlen = 0;
- for (mat = m; mat; mat = SCTP_BUF_NEXT(mat)) {
- ca->sndlen += SCTP_BUF_LEN(mat);
- }
+ ca->m = m;
}
ret = sctp_initiate_iterator(NULL, sctp_sendall_iterator, NULL,
- SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
- SCTP_ASOC_ANY_STATE,
- (void *)ca, 0,
- sctp_sendall_completes, inp, 1);
- if (ret) {
+ SCTP_PCB_ANY_FLAGS, SCTP_PCB_ANY_FEATURES,
+ SCTP_ASOC_ANY_STATE,
+ (void *)ca, 0,
+ sctp_sendall_completes, inp, 1);
+ if (ret != 0) {
SCTP_INP_WLOCK(inp);
inp->sctp_flags &= ~SCTP_PCB_FLAGS_SND_ITERATOR_UP;
SCTP_INP_WUNLOCK(inp);
diff --git a/usrsctplib/netinet/sctp_usrreq.c b/usrsctplib/netinet/sctp_usrreq.c
index df4424e..53aeaa1 100755
--- a/usrsctplib/netinet/sctp_usrreq.c
+++ b/usrsctplib/netinet/sctp_usrreq.c
@@ -1312,7 +1312,9 @@ sctp_flush(struct socket *so, int how)
}
sctp_free_a_readq(stcb, control);
} else {
- stcb->asoc.size_on_all_streams += control->length;
+ if (stcb != NULL) {
+ stcb->asoc.size_on_all_streams += control->length;
+ }
}
}
SOCK_UNLOCK(so);
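Review bot: The added guard nests an `if` as the only statement of the `else` branch; `} else if (stcb != NULL) {` says the same thing with one level less nesting. It would also help to state in a comment why `stcb` can be NULL at this point, since `sctp_free_a_readq(stcb, control)` in the other branch receives the same pointer. The surrounding loop starts outside the hunk, so whether that call tolerates a NULL `stcb` is not visible here.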