From a72277fea759cbbdc7dc99c6a75e99e3e7178d5a Mon Sep 17 00:00:00 2001 From: mvs Date: Wed, 25 May 2022 19:48:46 +0000 Subject: [PATCH] Call if_put(9) after we finish with `ia' within ip_getmoptions(). if_put(9) call means we finish work with `ifp' and it could be destroyed. `ia' is the pointer to 'in_ifaddr' data belongs to `ifp', so we need to release corresponding `ifp' after we finish deal with `ia'. `if_addrlist' list destruction and ip_getmoptions() are serialized with kernel and net locks so this is not critical, but looks inconsistent. ok bluhm@ --- sys/netinet/ip_output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 8da5d844009..fa4d5bafa4c 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.380 2022/01/04 06:32:39 yasuoka Exp $ */ +/* $OpenBSD: ip_output.c,v 1.381 2022/05/25 19:48:46 mvs Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -1727,9 +1727,9 @@ ip_getmoptions(int optname, struct ip_moptions *imo, struct mbuf *m) addr->s_addr = INADDR_ANY; else { IFP_TO_IA(ifp, ia); - if_put(ifp); addr->s_addr = (ia == NULL) ? INADDR_ANY : ia->ia_addr.sin_addr.s_addr; + if_put(ifp); } return (0); -- 2.20.1
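Review bot: in the else branch of the ip_getmoptions() hunk, nothing in the code records why `if_put(ifp);` must come after the read of `ia->ia_addr.sin_addr.s_addr`, so a later cleanup could move the release back up and reintroduce a use of `ia` after its owning `ifp` has been released. The commit message explains that `ia` points to data belonging to `ifp`, and that only the kernel and net locks keep the old order from being a problem. A one-line comment above the release would keep that constraint visible in the source, for example `/* ia belongs to ifp: drop the ifp reference only after the last use of ia */`. The new order itself looks right: the NULL check on `ia` and the dereference both happen before `if_put(ifp);`, and `ia` is not used again before `return (0);`.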