From fcf0d611538ab5e58eaf36ba003573cafbe6b12a Mon Sep 17 00:00:00 2001
From: bluhm <bluhm@openbsd.org>
Date: Wed, 29 Apr 2015 18:05:56 +0000
Subject: [PATCH] In most cases, IP fragments do not have an Ethernet padding. 
 So add a condition to save a useless call to m_adj() and have a paranoid
 length check in the other cases. OK henning@

---
 sys/net/pf_norm.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c
index 6793171d23e..3ca4464bea7 100644
--- a/sys/net/pf_norm.c
+++ b/sys/net/pf_norm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_norm.c,v 1.176 2015/04/17 16:42:50 bluhm Exp $ */
+/*	$OpenBSD: pf_norm.c,v 1.177 2015/04/29 18:05:56 bluhm Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -469,7 +469,8 @@ pf_join_fragment(struct pf_fragment *frag)
 
 	m = frent->fe_m;
 	/* Strip off any trailing bytes */
-	m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
+	if ((frent->fe_hdrlen + frent->fe_len) < m->m_pkthdr.len)
+		m_adj(m, (frent->fe_hdrlen + frent->fe_len) - m->m_pkthdr.len);
 	/* Magic from ip_input */
 	m2 = m->m_next;
 	m->m_next = NULL;
@@ -483,7 +484,8 @@ pf_join_fragment(struct pf_fragment *frag)
 		/* Strip off ip header */
 		m_adj(m2, frent->fe_hdrlen);
 		/* Strip off any trailing bytes */
-		m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
+		if (frent->fe_len < m2->m_pkthdr.len);
+			m_adj(m2, frent->fe_len - m2->m_pkthdr.len);
 		pool_put(&pf_frent_pl, frent);
 		pf_nfrents--;
 		m_cat(m, m2);
-- 
2.20.1