diff options
| author | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2006-04-16 00:59:53 +0000 |
|---|---|---|
| committer | Christopher Pascoe <pascoe@cvs.openbsd.org> | 2006-04-16 00:59:53 +0000 |
| commit | 9f1f0f20b74cf75d9bcc4beab180a9808e6c8ed4 (patch) | |
| tree | 0e2888c419ce07790567812b60f0399646ba620f /sys | |
| parent | b1d3f2c72d406edf3bdd49194cb4dffc44dc1af2 (diff) | |
After fragment reassembly/trimming, pf must revalidate the mbuf tag of the
altered chain. The cached tag may have already been freed via m_cat.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf_norm.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index 85e2d63b84e..df339ae6f69 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.106 2006/03/25 20:55:24 dhartmei Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.107 2006/04/16 00:59:52 pascoe Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -929,6 +929,18 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, if (m == NULL) return (PF_DROP); + /* use mtag from concatenated mbuf chain */ + pd->pf_mtag = pf_find_mtag(m); +#ifdef DIAGNOSTIC + if (pd->pf_mtag == NULL) { + printf("%s: pf_find_mtag returned NULL(1)\n", __func__); + if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) { + m_freem(m); + *m0 = NULL; + goto no_mem; + } + } +#endif if (frag != NULL && (frag->fr_flags & PFFRAG_DROP)) goto drop; @@ -964,6 +976,18 @@ pf_normalize_ip(struct mbuf **m0, int dir, struct pfi_kif *kif, u_short *reason, goto drop; } + /* use mtag from copied and trimmed mbuf chain */ + pd->pf_mtag = pf_find_mtag(m); +#ifdef DIAGNOSTIC + if (pd->pf_mtag == NULL) { + printf("%s: pf_find_mtag returned NULL(2)\n", __func__); + if ((pd->pf_mtag = pf_get_mtag(m)) == NULL) { + m_freem(m); + *m0 = NULL; + goto no_mem; + } + } +#endif if (dir == PF_IN) pd->pf_mtag->flags |= PF_TAG_FRAGCACHE; |