From 69b4218afc9bf1888d3ab34ff305e05f7b6eb7bb Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Mon, 15 Jun 2015 11:06:50 -0600
Subject: [PATCH] defrag: don't use trackers marked for removal

These trackers are likely for completed fragments, but have not been cleaned up. If a packet on the same flow with an already seen IP ID is seen, it could be reused prior to being properly reinitialized.
---
 src/defrag-hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/defrag-hash.c b/src/defrag-hash.c
index 9cb377e5b3..be2fd456ac 100644
--- a/src/defrag-hash.c
+++ b/src/defrag-hash.c
@@ -526,7 +526,7 @@ DefragTracker *DefragGetTrackerFromHash (Packet *p)
  dt = hb->head;
 
  /* see if this is the tracker we are looking for */
- if (DefragTrackerCompare(dt, p) == 0) {
+ if (dt->remove || DefragTrackerCompare(dt, p) == 0) {
  DefragTracker *pdt = NULL; /* previous tracker */
 
  while (dt) {
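Review bot: The `dt->remove` guard is applied only to the bucket head in `if (dt->remove || DefragTrackerCompare(dt, p) == 0)`, while the `while (dt)` walk that follows decides matches for every other tracker in the chain. That loop's body is outside the hunk, so this is inferred, but if its per-entry test still relies on `DefragTrackerCompare` alone, a tracker flagged for removal further down the bucket can still be returned and reused before it is reinitialized. That is the same stale-state reuse the commit message describes, so the per-entry test would need the same guard, e.g. a `!dt->remove &&` in front of the match. The comment above the condition also no longer describes it, and I would reword it to `/* see if this is the tracker we are looking for; a tracker marked for removal never matches */`. It is also worth confirming that `remove` is only written while the lock held here is taken, since the read happens before the tracker itself is locked in the visible lines.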