summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-25 19:47:06 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2003-01-25 19:47:06 +0000
commit7cf0a5a97f81fec61e5977101cd711bf0c2050c9 (patch)
tree41c16d96a58546fd8cb5e7760c0cb09e07016832
parent42097be7b7d7d2c06ce009d92cfe1aef669fab03 (diff)
Fix a bug that potentially caused fragments to be dropped when the
overlap calculation got negative. Found by Baruch Even. ok henning@
-rw-r--r--sys/net/pf_norm.c17
1 files changed, 7 insertions, 10 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 894db02eb9b..9532eb0fad0 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.51 2003/01/09 15:58:35 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.52 2003/01/25 19:47:05 dhartmei Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -364,20 +364,17 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
KASSERT(frep != NULL || frea != NULL);
- if (frep != NULL) {
+ if (frep != NULL && frep->fr_ip->ip_off + frep->fr_ip->ip_len > off) {
u_int16_t precut;
precut = frep->fr_ip->ip_off + frep->fr_ip->ip_len - off;
if (precut >= ip->ip_len)
goto drop_fragment;
- if (precut) {
- m_adj(frent->fr_m, precut);
-
- DPFPRINTF(("overlap -%d\n", precut));
- /* Enforce 8 byte boundaries */
- off = ip->ip_off += precut;
- ip->ip_len -= precut;
- }
+ m_adj(frent->fr_m, precut);
+ DPFPRINTF(("overlap -%d\n", precut));
+ /* Enforce 8 byte boundaries */
+ off = ip->ip_off += precut;
+ ip->ip_len -= precut;
}
for (; frea != NULL && ip->ip_len + off > frea->fr_ip->ip_off;