diff options
| author | Marcus Glocker <mglocker@cvs.openbsd.org> | 2007-12-30 10:32:25 +0000 |
|---|---|---|
| committer | Marcus Glocker <mglocker@cvs.openbsd.org> | 2007-12-30 10:32:25 +0000 |
| commit | 8e4340d83bc28d1b8d8dedd41d5f99a5fa992642 (patch) | |
| tree | f95d64bcbcb26c386b862c651307760fe9b51879 /sys/net | |
| parent | b708fc550eeb094defc983273d8d65ee9f8a35a6 (diff) | |
In pf_normalize_tcpopt() call pf_pull_hdr() address family safe.
OK dhartmei@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf_norm.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 07128e4d2bd..524f8c16469 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.110 2007/12/30 00:16:39 mglocker Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.111 2007/12/30 10:32:24 mglocker Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -115,7 +115,7 @@ struct mbuf *pf_reassemble(struct mbuf **, struct pf_fragment **, struct mbuf *pf_fragcache(struct mbuf **, struct ip*, struct pf_fragment **, int, int, int *); int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, - struct tcphdr *, int); + struct tcphdr *, int, sa_family_t); #define DPFPRINTF(x) do { \ if (pf_status.debug >= PF_DEBUG_MISC) { \ @@ -1316,7 +1316,7 @@ pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff, } /* Process options */ - if (r->max_mss && pf_normalize_tcpopt(r, m, th, off)) + if (r->max_mss && pf_normalize_tcpopt(r, m, th, off, pd->af)) rewrite = 1; /* copy back packet headers if we sanitized */ @@ -1819,7 +1819,7 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd, int pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th, - int off) + int off, sa_family_t af) { u_int16_t *mss; int thoff; @@ -1832,7 +1832,7 @@ pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th, cnt = thoff - sizeof(struct tcphdr); if (cnt > 0 && !pf_pull_hdr(m, off + sizeof(*th), opts, cnt, - NULL, NULL, AF_INET)) + NULL, NULL, af)) return (rewrite); for (; cnt > 0; cnt -= optlen, optp += optlen) { |