When a GRE packet goes to "decline", the mbuf pointer was not updated

properly.  This had caused an panic when the mbuf pointer is updated.
Found by IIJ.

ok dlg

diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c
index 4840bf3..1c9a9bd 100644 (file)
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_gre.c,v 1.123 2018/05/28 00:14:54 dlg Exp $ */
+/*     $OpenBSD: if_gre.c,v 1.124 2018/07/24 07:40:35 yasuoka Exp $ */
 /*     $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */
 
 /*
@@ -1152,7 +1152,7 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af,
        (*input)(ifp, m);
        return (IPPROTO_DONE);
 decline:
-       mp = &m;
+       *mp = m;
        return (-1);
 }