CVSROOT: /cvs Module name: src Changes by: [email protected] 2011/01/19 04:39:57
Modified files:
sys/net : pf.c pf_norm.c
Log message:
Give pf_normalize_ip() the same 3 way semantics as pf_test().
- PF_DROP, the packet is bad, the mbuf still exists and must be freed.
- PF_PASS and *m0 is NULL, the packet has been processed, not an error.
- PF_PASS and *m0 is not NULL, continue with packet processing.
This fixes a potential mbuf use after free.
ok henning@ markus@ mpf@
