From f42cb94672dcb183651e7da9cdacce657e1a5ccf Mon Sep 17 00:00:00 2001
From: claudio <claudio@openbsd.org>
Date: Mon, 29 May 2017 12:48:11 +0000
Subject: [PATCH] Fix crash in IMSG_CTL_SHOW_RIB_PREFIX handling. The ctx is
 not added to the list in that case so don't try to LIST_REMOVE it. Problem
 found by benno@

---
 usr.sbin/bgpd/rde.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c
index 22c74a4b616..3c27e06e1ca 100644
--- a/usr.sbin/bgpd/rde.c
+++ b/usr.sbin/bgpd/rde.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.366 2017/05/28 20:15:02 claudio Exp $ */
+/*	$OpenBSD: rde.c,v 1.367 2017/05/29 12:48:11 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -2476,7 +2476,12 @@ rde_dump_done(void *arg)
 
 	imsg_compose(ibuf_se_ctl, IMSG_CTL_END, 0, ctx->req.pid,
 	    -1, NULL, 0);
-	LIST_REMOVE(ctx, entry);
+	/*
+	 * ctx is not linked for IMSG_CTL_SHOW_RIB_PREFIX because it
+	 * does not need to use rib_dump_r
+	 */
+	if (ctx->req.type != IMSG_CTL_SHOW_RIB_PREFIX)
+		LIST_REMOVE(ctx, entry);
 	free(ctx);
 }
 
-- 
2.20.1