head	1.2;
access;
symbols
	RELEASE_4_9_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2003.09.28.13.27.06;	author edwin;	state dead;
branches;
next	1.1;

1.1
date	2003.07.18.01.51.24;	author foxfair;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update port: security/pf - OpenBSD 3.4 pf

	Port update after API change in PFIL_HOOKS in -current and
	OpenBSD 3.4 Release.

PR:		 ports/57305
Submitted by:	Max Laier <max@@love2party.net>
@
text
@--- pf/pf_norm.c	3 Jul 2003 02:40:10 -0000	1.2.16.1
+++ pf/pf_norm.c	14 Jul 2003 07:11:17 -0000	1.2.16.2
@@@@ -1050,12 +1050,12 @@@@
 		goto bad;
 	}
 
-	max = fragoff + ip_len;
 	/* Respect maximum length */
-	if (max > IP_MAXPACKET) {
-		DPFPRINTF(("max packet %d\n", max));
+	if (fragoff + ip_len > IP_MAXPACKET) {
+		DPFPRINTF(("max packet %d\n", fragoff + ip_len));
 		goto bad;
 	}
+	max = fragoff + ip_len;
 
 	if ((r->rule_flag & (PFRULE_FRAGCROP|PFRULE_FRAGDROP)) == 0) {
 		/* Fully buffer all of the fragments */

@


1.1
log
@PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add a patch to fix a u_int_16 overflow after new merged gcc.

Submitted by:		Pyun YongHyeon <yongari@@kt-is.co.kr>
Reviewed by:		maintainer
tested ok by:		all current platforms
@
text
@@

