Fix two cases of incorrect IPQ_UNLOCK'ing in the merged ip_reass() function.

The first one was going to 'dropfrag', which unlocks the IPQ, before the lock was aquired; The second one doing a unlock and then a 'goto dropfrag' which led to a double-unlock. Tripped over by: des
2004-08-12 08:37:42 +00:00 · 2004-08-12 08:37:42 +00:00 · 6822e5677f
commit 6822e5677f
parent a71e43e2c6
1 changed files with 2 additions and 2 deletions
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@ -895,7 +895,8 @@ ip_reass(struct mbuf *m)
 	if (maxnipq == 0) {
 		ipstat.ips_fragments++;
 		ipstat.ips_fragdropped++;
-		goto dropfrag;
+		m_freem(m);
+		return (NULL);
 	}

 	ip = mtod(m, struct ip *);
@ -959,7 +960,6 @@ ip_reass(struct mbuf *m)
 		 * that's a non-zero multiple of 8 bytes.
 		 */
 		if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) {
-			IPQ_UNLOCK();
 			ipstat.ips_toosmall++; /* XXX */
 			goto dropfrag;
 		}