In most cases, IP fragments do not have an Ethernet padding. So

add a condition to save a useless call to m_adj() and have a paranoid
length check in the other cases.
OK henning@

1 files changed, 5 insertions, 3 deletions

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 6793171d23e..3ca4464bea7 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.176 2015/04/17 16:42:50 bluhm Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.177 2015/04/29 18:05:56 bluhm Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -469,7 +469,8 @@ pf_join_fragment(struct pf_fragment *frag)
 
 	m = frent->fe_m;
 	/* Strip off any trailing bytes */
-	m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
+	if ((frent->fe_hdrlen + frent->fe_len) < m->m_pkthdr.len)
+		m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
 	/* Magic from ip_input */
 	m2 = m->m_next;
 	m->m_next = NULL;
@@ -483,7 +484,8 @@ pf_join_fragment(struct pf_fragment *frag)
 		/* Strip off ip header */
 		m_adj(m2, frent->fe_hdrlen);
 		/* Strip off any trailing bytes */
-		m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
+		if (frent->fe_len < m2->m_pkthdr.len);
+			m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
 		pool_put(&pf_frent_pl, frent);
 		pf_nfrents--;
 		m_cat(m, m2);