MFC rev. 1.16 of sys/contrib/pf/net/pf_norm.c: Correct an error in pf

handling of IP packet fragments which could result in a kernel panic.

Security:	FreeBSD-SA-06:07.pf
Approved by:	so (cperciva)

3 files changed, 6 insertions, 2 deletions

diff --git a/UPDATING b/UPDATING
index 211b0a845b94..38eab70645a9 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running
 portupgrade.  Important recent entries: 20040724 (default X changes).
 
+20060125:	p25	FreeBSD-SA-06:07.pf
+	Correct an error in pf handling of IP packet fragments which
+	could result in a kernel panic. [06:07]
+
 20060111:	p24	FreeBSD-SA-06:01.texindex, FreeBSD-SA-06:02.ee,
 			FreeBSD-SA-06:03.cpio
 	Correct insecure temporary file usage in texindex. [06:01]
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 12505b9d3b95..1bab96111e61 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="5.3"
-BRANCH="RELEASE-p24"
+BRANCH="RELEASE-p25"
 RELEASE="${REVISION}-${BRANCH}"
 VERSION="${TYPE} ${RELEASE}"
 
diff --git a/sys/contrib/pf/net/pf_norm.c b/sys/contrib/pf/net/pf_norm.c
index fcaeaa4be632..a03a3557ba39 100644
--- a/sys/contrib/pf/net/pf_norm.c
+++ b/sys/contrib/pf/net/pf_norm.c
@@ -873,7 +873,7 @@ pf_fragcache(struct mbuf **m0, struct ip *h, struct pf_fragment **frag, int mff,
 			} else {
 				hosed++;
 			}
-		} else {
+		} else if (frp == NULL) {
 			/* There is a gap between fragments */
 			DPFPRINTF(("fragcache[%d]: gap %d %d-%d (%d-%d)\n",
 			    h->ip_id, -aftercut, off, max, fra->fr_off,