K 10
svn:author
V 2
cy
K 8
svn:date
V 27
2018-01-09T06:43:58.874624Z
K 7
svn:log
V 837
When growing the state, also grow the seed array. Otherwise memory that was not allocated will be accessed.

This necessitated refactoring state seed allocation from ipf_state_soft_init() into a new common ipf_state_seed_alloc() function as it is now also used by ipf_state_rehash() when changing the size of the state hash table in addition to by ipf_state_soft_init() during initialization.

According to Christos Zoulas :

The bug was encountered by a NetBSD vendor whose customer machines had large ipfilter states. The bug was reliably triggered by resizing the state variables using "ipf -T".

Submitted by: Christos Zoulas
Reviewed by: delphij, rgrimes
Obtained from: NetBSD ip_state.c CVS revs r1.9 and r1.10
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D13755
END