On Mon, Nov 21, 2016 at 10:58:43AM +0100, Alexander Bluhm wrote:
> On Fri, Nov 18, 2016 at 11:33:33PM +0100, Alexandr Nedvedicky wrote:
> > how about using 'goto free_ipv6_frag' ? It better explains, what's
> > going to happen.
>
> makes sense
thanks a lot, I'm O.K. with it.
regards
sasha
>
> bluhm
>
> Index: net/pf_norm.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf_norm.c,v
> retrieving revision 1.195
> diff -u -p -r1.195 pf_norm.c
> --- net/pf_norm.c 26 Oct 2016 21:07:22 -0000 1.195
> +++ net/pf_norm.c 21 Nov 2016 09:55:36 -0000
> @@ -331,16 +331,16 @@ pf_fillup_fragment(struct pf_fragment_cm
>
> /* Non terminal fragments must have more fragments flag */
> if (frent->fe_off + frent->fe_len < total && !frent->fe_mff)
> - goto bad_fragment;
> + goto free_ipv6_fragment;
>
> /* Check if we saw the last fragment already */
> if (!TAILQ_LAST(&frag->fr_queue, pf_fragq)->fe_mff) {
> if (frent->fe_off + frent->fe_len > total ||
> (frent->fe_off + frent->fe_len == total && frent->fe_mff))
> - goto bad_fragment;
> + goto free_ipv6_fragment;
> } else {
> if (frent->fe_off + frent->fe_len == total && !frent->fe_mff)
> - goto bad_fragment;
> + goto free_ipv6_fragment;
> }
>
> /* Find a fragment after the current one */
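Review bot: The three rewritten jumps change what happens to a malformed fragment, but the comments above each check still describe only the condition being tested. Judging by the label added further down in pf_fillup_fragment, an IPv6 fragment that fails one of these length or more-fragments checks now takes the `free_fragment` path, while an IPv4 fragment still goes to `bad_fragment`. What those two paths do is not visible here; presumably `free_fragment` discards the whole reassembly queue, going by the RFC 5722 comment. A line such as `/* On failure: IPv6 goes to free_fragment, IPv4 to bad_fragment (see free_ipv6_fragment) */` before the first check would keep that difference visible at the call sites. The function body starts and ends outside this hunk.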
> @@ -406,7 +406,10 @@ pf_fillup_fragment(struct pf_fragment_cm
>
> return (frag);
>
> +free_ipv6_fragment:
> #ifdef INET6
> + if (frag->fr_af == AF_INET)
> + goto bad_fragment;
> free_fragment:
> /*
> * RFC 5722, Errata 3089: When reassembling an IPv6 datagram, if one
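Review bot: `free_ipv6_fragment:` is placed above `#ifdef INET6` while its address-family test is inside it, so in a kernel built without INET6 the label falls straight through to whatever follows the `#endif`, which is outside this hunk. That is presumably `bad_fragment`, but it should be confirmed, since the behaviour depends on label order. The test also treats every family other than AF_INET as IPv6; `if (frag->fr_af != AF_INET6)` followed by `goto bad_fragment;` would state the condition the label name promises. Because these checks appear to let one inconsistent fragment end reassembly of a whole IPv6 datagram, a short comment on the label saying this is deliberate and IPv6-only would help the next reader.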