author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-01-25 19:47:06 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2003-01-25 19:47:06 +0000 |
commit | 7cf0a5a97f81fec61e5977101cd711bf0c2050c9 (patch) | |
tree | 41c16d96a58546fd8cb5e7760c0cb09e07016832 /sys | |
parent | 42097be7b7d7d2c06ce009d92cfe1aef669fab03 (diff) |
Fix a bug that potentially caused fragments to be dropped when the
overlap calculation got negative. Found by Baruch Even. ok henning@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf_norm.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 894db02eb9b..9532eb0fad0 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_norm.c,v 1.51 2003/01/09 15:58:35 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.52 2003/01/25 19:47:05 dhartmei Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -364,20 +364,17 @@ pf_reassemble(struct mbuf **m0, struct pf_fragment *frag,
 KASSERT(frep != NULL || frea != NULL);
- if (frep != NULL) {
+ if (frep != NULL && frep->fr_ip->ip_off + frep->fr_ip->ip_len > off) {
 u_int16_t precut;
 precut = frep->fr_ip->ip_off + frep->fr_ip->ip_len - off;
 if (precut >= ip->ip_len)
 goto drop_fragment;
- if (precut) {
- m_adj(frent->fr_m, precut);
-
- DPFPRINTF(("overlap -%d\n", precut));
- /* Enforce 8 byte boundaries */
- off = ip->ip_off += precut;
- ip->ip_len -= precut;
- }
+ m_adj(frent->fr_m, precut);
+ DPFPRINTF(("overlap -%d\n", precut));
+ /* Enforce 8 byte boundaries */
+ off = ip->ip_off += precut;
+ ip->ip_len -= precut;
 }
 for (; frea != NULL && ip->ip_len + off > frea->fr_ip->ip_off; |
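Review bot: The new condition on the `frep` branch is the only thing keeping `precut` from wrapping, and nothing in the code says so. `precut` is a `u_int16_t`, so if the preceding fragment ends before `off`, the subtraction yields a large positive value and the fragment takes `goto drop_fragment`. A comment above the `if`, such as `/* Trim only when the previous fragment really overlaps; otherwise precut would wrap and the fragment would be dropped */`, would keep a later cleanup from folding the test back into `if (frep != NULL)`. The end offset `frep->fr_ip->ip_off + frep->fr_ip->ip_len` is also written twice, once in the guard and once in the subtraction; computing it once into a local would stop the two from drifting apart. The declaration of `off` and the rest of pf_reassemble are outside the hunk, so the types involved beyond `precut` are inferred rather than visible.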