From 2c23476f87cb8e899f2d8feb5eadf61075350f7e Mon Sep 17 00:00:00 2001
From: Daniel Hartmeier <dhartmei@cvs.openbsd.org>
Date: Wed, 18 Jan 2006 22:03:22 +0000
Subject: fix a bug in the fragment cache (used for 'scrub fragment
 crop/drop-ovl', but not 'fragment reassemble'), which can cause some
 fragments to get inserted into the cache twice, thereby violating an
 invariant, and panic- ing the system subsequently. ok deraadt@

---
 sys/net/pf_norm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sys/net')

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 4d1d77578bc..76be7c7217e 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.103 2005/10/17 08:43:35 henning Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.104 2006/01/18 22:03:21 dhartmei Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -704,7 +704,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 			} else {
 				hosed++;
 			}
-		} else {
+		} else if (frp == NULL) {
 			/* There is a gap between fragments */
 			DPFPRINTF(("fragcache[%d]: gap %d %d-%d (%d-%d)\n",
 			    h->ip_id, -aftercut, off, max, fra->fr_off,
-- 
cgit v1.2.3