sctp_send() bug: usage of invalid memory area on stack -> corrupted sctp_sndrcvinfo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lksctp-tools (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I have found a critical bug in sctp_send() (in sctpsend.c), for at least lksctp-tools version 1.0.11:
- If sinfo is a pointer to a sctp_sndrcvinfo structure, SCTP_SNDRCV has to be
provided as cmsg to the kernel. This is checked in line 91:
if (sinfo) {
- In this case, the necessary cmsg structure is initialized. The memory for
this structure is allocated on the stack, in line 92:
char outcmsg[
- Line 103 closes the "if (sinfo)" block opened in line 91. Now, outcmsg
becomes invalid. The memory of outcmsg may now be overwritten with arbitrary
data.
- Line 105 provides the message structure to the kernel, with
outmsg.msg_control pointing to possibly garbage:
return sendmsg(s, &outmsg, flags);
At least for the lksctp library provided with Ubuntu 12.12 (only tested 64-bit
version), this reproducibly makes the following SCTP-based program packages
unusable:
- rsplib
- netperfmeter
Both programs fail when using sctp_send() to set the PPID of an outgoing
packet. This is probably also the case for all other programs using
sctp_send() under at least the latest Ubuntu Linux. Therefore, this bug should
be considered critical.
A patch is provided in the attached file. It simply moves the variable
declarations to the root of the function.
tags: added: sctp
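Added example, not code from the bug report or from lksctp-tools: the shape of the fix the attached patch describes, with the control-message buffer declared at the root of the sending function (and, in the builder, owned by the caller) so that msg_control still points at live stack memory when sendmsg() runs. demo_sndrcvinfo, DEMO_SNDRCV and the demo_* functions are assumed stand-ins for sctp_sndrcvinfo, SCTP_SNDRCV and sctp_send(), chosen so the code compiles without netinet/sctp.h.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* Assumed stand-ins for sctp_sndrcvinfo / SCTP_SNDRCV (not lksctp's own definitions). */
struct demo_sndrcvinfo { uint16_t sinfo_stream; uint32_t sinfo_ppid; };
#define DEMO_SNDRCV 1

/* Fill outmsg; ctrl is caller-owned, so it outlives this call and the later sendmsg(). */
static int demo_build_msg(struct msghdr *outmsg, struct iovec *iov, char *ctrl,
        size_t ctrl_len, const void *data, size_t len, const struct demo_sndrcvinfo *sinfo)
{
    *iov = (struct iovec){ (void *)data, len };
    *outmsg = (struct msghdr){ .msg_iov = iov, .msg_iovlen = 1 };
    if (sinfo) {                                 /* the "if (sinfo)" branch from the report */
        struct cmsghdr *cmsg;
        if (ctrl_len < CMSG_SPACE(sizeof *sinfo))
            return -1;                           /* caller's buffer too small */
        memset(ctrl, 0, ctrl_len);
        outmsg->msg_control = ctrl;
        outmsg->msg_controllen = CMSG_SPACE(sizeof *sinfo);
        cmsg = CMSG_FIRSTHDR(outmsg);
        cmsg->cmsg_level = IPPROTO_SCTP;
        cmsg->cmsg_type = DEMO_SNDRCV;
        cmsg->cmsg_len = CMSG_LEN(sizeof *sinfo);
        memcpy(CMSG_DATA(cmsg), sinfo, sizeof *sinfo);
    }
    return 0;
}

/* PPID carried in the control message, or 0 when no SNDRCV cmsg is attached. */
static uint32_t demo_ctrl_ppid(struct msghdr *outmsg)
{
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(outmsg);
    struct demo_sndrcvinfo info;
    if (!cmsg || cmsg->cmsg_level != IPPROTO_SCTP || cmsg->cmsg_type != DEMO_SNDRCV)
        return 0;
    memcpy(&info, CMSG_DATA(cmsg), sizeof info);
    return info.sinfo_ppid;
}

/* Mirrors the patched sctp_send(): outcmsg is declared at function scope, not inside
 * the if block, so msg_control still points at live memory when sendmsg() reads it. */
static int demo_send(int s, const void *data, size_t len, const struct demo_sndrcvinfo *sinfo, int flags)
{
    char outcmsg[CMSG_SPACE(sizeof *sinfo)];
    struct iovec iov; struct msghdr outmsg;
    if (demo_build_msg(&outmsg, &iov, outcmsg, sizeof outcmsg, data, len, sinfo)) return -1;
    return (int)sendmsg(s, &outmsg, flags);
}
```

In the buggy version the array lives inside the if block, so by the time sendmsg() dereferences msg_control that stack slot may already have been reused, which matches the corrupted sndrcvinfo the report describes.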
The attachment "A patch fixing the problem" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]