PR:

Submitted by: Reviewed by: Approved by: Obtained from: MFC after: Add a patch to fix a u_int_16 overflow after new merged gcc. Submitted by: Pyun YongHyeon <yongari@kt-is.co.kr> Reviewed by: maintainer tested ok by: all current platforms
author: Foxfair Hu <foxfair@FreeBSD.org> 2003-07-18 01:51:24 +0000
committer: Foxfair Hu <foxfair@FreeBSD.org> 2003-07-18 01:51:24 +0000
commit: b21f67a66cf49fc9eab660b3fa4e09a37d66ae7a (patch)
tree: b1f1ce0aa42e4061a387edb6a66b5d9614e614f7 /security/pf/files/patch-af
parent: Add the patch that removes BDB detection. (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/security/pf/files/patch-af b/security/pf/files/patch-af
new file mode 100644
index 000000000000..9ae4ad0066b7
--- /dev/null
+++ b/security/pf/files/patch-af
@@ -0,0 +1,19 @@
+--- pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
++++ pf/pf_norm.c	14 Jul 2003 07:11:17 -0000	1.2.16.2
+@@ -1050,12 +1050,12 @@
+ 		goto bad;
+ 	}
+ 
+-	max = fragoff + ip_len;
+ 	/* Respect maximum length */
+-	if (max > IP_MAXPACKET) {
+-		DPFPRINTF(("max packet %d\n", max));
++	if (fragoff + ip_len > IP_MAXPACKET) {
++		DPFPRINTF(("max packet %d\n", fragoff + ip_len));
+ 		goto bad;
+ 	}
++	max = fragoff + ip_len;
+ 
+ 	if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) {
+ 		/* Fully buffer all of the fragments */
+
author	Foxfair Hu <foxfair@FreeBSD.org>	2003-07-18 01:51:24 +0000
committer	Foxfair Hu <foxfair@FreeBSD.org>	2003-07-18 01:51:24 +0000
commit	b21f67a66cf49fc9eab660b3fa4e09a37d66ae7a (patch)
tree	b1f1ce0aa42e4061a387edb6a66b5d9614e614f7 /security/pf/files/patch-af
parent	Add the patch that removes BDB detection. (diff)