From 0b279f8c94c15c8aea63c92d0799ff16a96eaafc Mon Sep 17 00:00:00 2001
From: "Pedro F. Giffuni" <pfg@FreeBSD.org>
Date: Sat, 14 May 2016 23:07:26 +0000
Subject: routed: Fix use after free.

For the multihomed case, ifp be used after being freed. NULL the value
after freeing it and avoid getting into the branch without reassigning
a new value.

CID:		272671
Obtained from:	NetBSD
MFC after:	2 weeks
---
 sbin/routed/if.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sbin')

diff --git a/sbin/routed/if.c b/sbin/routed/if.c
index fadb9afbdafd..b59186a9c818 100644
--- a/sbin/routed/if.c
+++ b/sbin/routed/if.c
@@ -955,6 +955,7 @@ ifinit(void)
 						  (intmax_t)now.tv_sec -
 						      ifp->int_data.ts);
 					ifdel(ifp);
+					ifp = NULL;
 				}
 				continue;
 			}
@@ -1151,7 +1152,7 @@ ifinit(void)
 	/* If we are multi-homed, optionally advertise a route to
 	 * our main address.
 	 */
-	if (advertise_mhome
+	if ((advertise_mhome && ifp)
 	    || (tot_interfaces > 1
 		&& mhome
 		&& (ifp = ifwithaddr(myaddr, 0, 0)) != NULL
-- 
cgit v1.3