bfd9b96314
When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to initialise the fr_flags field. As a result we sometimes mistakenly thought the fragment to not be a buffered fragment. This resulted in panics because we'd end up freeing the pf_fragment but not removing it from V_pf_fragqueue (believing it to be part of V_pf_cachequeue). The next time we iterated V_pf_fragqueue we'd use a freed object and panic. While here also fix a pf_fragment use after free in pf_normalize_ip(). pf_reassemble() frees the pf_fragment, so we can't use it any more. PR: 201879, 201932 MFC after: 5 days |
||
---|---|---|
.. | ||
if_pflog.c | ||
if_pfsync.c | ||
in4_cksum.c | ||
pf_altq.h | ||
pf_if.c | ||
pf_ioctl.c | ||
pf_lb.c | ||
pf_mtag.h | ||
pf_norm.c | ||
pf_osfp.c | ||
pf_ruleset.c | ||
pf_table.c | ||
pf.c | ||
pf.h |