Fix use-afte-free in ip_reass() (CVE-2020-1983)
The q pointer is updated when the mbuf data is moved from m_dat to m_ext. m_ext buffer may also be realloc()'ed and moved during m_cat(): q should also be updated in this case. Reported-by:Aviv Sasson <asasson@paloaltonetworks.com> Signed-off-by:
Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by:
Samuel Thibault <samuel.thibault@ens-lyon.org>