diff options
author | gnn <gnn@FreeBSD.org> | 2015-04-14 14:43:42 +0000 |
---|---|---|
committer | gnn <gnn@FreeBSD.org> | 2015-04-14 14:43:42 +0000 |
commit | be303b042badcdc6cb1fd1164d70d5e24661f898 (patch) | |
tree | b8ba0caa421152e751ffda9b800a7b687707be31 /sys/netpfil | |
parent | de9078cbfaabd043bf0ec4a70001621fb7c98dcd (diff) | |
download | FreeBSD-src-be303b042badcdc6cb1fd1164d70d5e24661f898.zip FreeBSD-src-be303b042badcdc6cb1fd1164d70d5e24661f898.tar.gz |
I can find no reason to allow packets with both SYN and FIN bits
set past this point in the code. The packet should be dropped and
not massaged as it is here.
Differential Revision: https://reviews.freebsd.org/D2266
Submitted by: eri
Sponsored by: Rubicon Communications (Netgate)
Diffstat (limited to 'sys/netpfil')
-rw-r--r-- | sys/netpfil/pf/pf_norm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 6053452..f169723 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -1643,7 +1643,7 @@ pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff, goto tcp_drop; if (flags & TH_FIN) - flags &= ~TH_FIN; + goto tcp_drop; } else { /* Illegal packet */ if (!(flags & (TH_ACK|TH_RST))) |