MFS 286079:
MFC r285999 (kp):
pf: Always initialise pf_fragment.fr_flags
When we allocate the struct pf_fragment in pf_fillup_fragment() we
forgot to initialise the fr_flags field. As a result we sometimes
mistakenly thought the fragment to not be a buffered fragment.
This resulted in panics because we'd end up freeing the pf_fragment
but not removing it from V_pf_fragqueue (believing it to be part of
V_pf_cachequeue). The next time we iterated V_pf_fragqueue we'd use
a freed object and panic.
While here also fix a pf_fragment use after free in pf_normalize_ip().
pf_reassemble() frees the pf_fragment, so we can't use it any more.
Approved by: re (glebius)
Sponsored by: The FreeBSD Foundation
git-svn-id: https://svn.freebsd.org/base/releng/10.2@286083
ccf9f872-aa2e-dd11-9fc8-
001c23d0bc1f
projects / FreeBSD / releng / 10.2.git / commit