freebsd

mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00

History

Kristof Provost 48c29b118e pf: Always initialise pf_fragment.fr_flags When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to initialise the fr_flags field. As a result we sometimes mistakenly thought the fragment to not be a buffered fragment. This resulted in panics because we'd end up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it to be part of V_pf_cachequeue). The next time we iterated V_pf_fragqueue we'd use a freed object and panic. While here also fix a pf_fragment use after free in pf_normalize_ip(). pf_reassemble() frees the pf_fragment, so we can't use it any more. PR: 201879, 201932 MFC after: 5 days	2015-07-29 06:35:36 +00:00
..
ipfw	Add helper functions for IP checksum adjusting. Use these functions in	2015-07-20 07:26:31 +00:00
pf	pf: Always initialise pf_fragment.fr_flags	2015-07-29 06:35:36 +00:00

Kristof Provost 48c29b118e pf: Always initialise pf_fragment.fr_flags

When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
initialise the fr_flags field. As a result we sometimes mistakenly thought the
fragment to not be a buffered fragment. This resulted in panics because we'd end
up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it
to be part of V_pf_cachequeue).
The next time we iterated V_pf_fragqueue we'd use a freed object and panic.

While here also fix a pf_fragment use after free in pf_normalize_ip().
pf_reassemble() frees the pf_fragment, so we can't use it any more.

PR:		201879, 201932
MFC after:	5 days

2015-07-29 06:35:36 +00:00

ipfw

Add helper functions for IP checksum adjusting. Use these functions in

2015-07-20 07:26:31 +00:00

pf: Always initialise pf_fragment.fr_flags

2015-07-29 06:35:36 +00:00