Call if_put(9) after we finish with `ia' within ip_getmoptions().

if_put(9) call means we finish work with `ifp' and it could be destroyed.
`ia' is the pointer to 'in_ifaddr' data belongs to `ifp', so we need to
release corresponding `ifp' after we finish deal with `ia'.

`if_addrlist' list destruction and ip_getmoptions() are serialized with
kernel and net locks so this is not critical, but looks inconsistent.

ok bluhm@

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 8da5d84..fa4d5ba 100644 (file)
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_output.c,v 1.380 2022/01/04 06:32:39 yasuoka Exp $ */
+/*     $OpenBSD: ip_output.c,v 1.381 2022/05/25 19:48:46 mvs Exp $     */
 /*     $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $  */
 
 /*
@@ -1727,9 +1727,9 @@ ip_getmoptions(int optname, struct ip_moptions *imo, struct mbuf *m)
                        addr->s_addr = INADDR_ANY;
                else {
                        IFP_TO_IA(ifp, ia);
-                       if_put(ifp);
                        addr->s_addr = (ia == NULL) ? INADDR_ANY
                                        : ia->ia_addr.sin_addr.s_addr;
+                       if_put(ifp);
                }
                return (0);