From 6822e5677f769043f35002692c2631891f6146bf Mon Sep 17 00:00:00 2001
From: andre <andre@FreeBSD.org>
Date: Thu, 12 Aug 2004 08:37:42 +0000
Subject: [PATCH] Fix two cases of incorrect IPQ_UNLOCK'ing in the merged
 ip_reass() function. The first one was going to 'dropfrag', which unlocks the
 IPQ, before the lock was aquired; The second one doing a unlock and then a
 'goto dropfrag' which led to a double-unlock.

Tripped over by:	des
---
 sys/netinet/ip_input.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 61db043867b2..0d64effd2e93 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -895,7 +895,8 @@ ip_reass(struct mbuf *m)
 	if (maxnipq == 0) {
 		ipstat.ips_fragments++;
 		ipstat.ips_fragdropped++;
-		goto dropfrag;
+		m_freem(m);
+		return (NULL);
 	}
 
 	ip = mtod(m, struct ip *);
@@ -959,7 +960,6 @@ ip_reass(struct mbuf *m)
 		 * that's a non-zero multiple of 8 bytes.
 		 */
 		if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) {
-			IPQ_UNLOCK();
 			ipstat.ips_toosmall++; /* XXX */
 			goto dropfrag;
 		}