defrag: don't use trackers marked for removal

These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.

diff --git a/src/defrag-hash.c b/src/defrag-hash.c
index 9cb377e5b3f2e3bf535b88da02d7152309aaa967..be2fd456ac84a629ff7cc059648984e3f002535d 100644 (file)
--- a/src/defrag-hash.c
+++ b/src/defrag-hash.c
@@ -526,7 +526,7 @@ DefragTracker *DefragGetTrackerFromHash (Packet *p)
     dt = hb->head;
 
     /* see if this is the tracker we are looking for */
-    if (DefragTrackerCompare(dt, p) == 0) {
+    if (dt->remove || DefragTrackerCompare(dt, p) == 0) {
         DefragTracker *pdt = NULL; /* previous tracker */
 
         while (dt) {