From e868acaa1cedfbb68e91eddfb22265296afa931e Mon Sep 17 00:00:00 2001
From: foxfair <foxfair@FreeBSD.org>
Date: Fri, 18 Jul 2003 01:51:24 +0000
Subject: PR: Submitted by: Reviewed by: Approved by: Obtained from: MFC after:
 Add a patch to fix a u_int_16 overflow after new merged gcc.

Submitted by:		Pyun YongHyeon <yongari@kt-is.co.kr>
Reviewed by:		maintainer
tested ok by:		all current platforms
---
 security/pf/files/patch-af | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 security/pf/files/patch-af

(limited to 'security/pf/files')

diff --git a/security/pf/files/patch-af b/security/pf/files/patch-af
new file mode 100644
index 0000000..9ae4ad0
--- /dev/null
+++ b/security/pf/files/patch-af
@@ -0,0 +1,19 @@
+--- pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
++++ pf/pf_norm.c	14 Jul 2003 07:11:17 -0000	1.2.16.2
+@@ -1050,12 +1050,12 @@
+ 		goto bad;
+ 	}
+ 
+-	max = fragoff + ip_len;
+ 	/* Respect maximum length */
+-	if (max > IP_MAXPACKET) {
+-		DPFPRINTF(("max packet %d\n", max));
++	if (fragoff + ip_len > IP_MAXPACKET) {
++		DPFPRINTF(("max packet %d\n", fragoff + ip_len));
+ 		goto bad;
+ 	}
++	max = fragoff + ip_len;
+ 
+ 	if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) {
+ 		/* Fully buffer all of the fragments */
+
-- 
cgit v1.1