From 5c267d54d73e45d7773f26deb6676524faf24527 Mon Sep 17 00:00:00 2001
From: ngie <ngie@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Fri, 10 Jun 2016 14:40:41 +0000
Subject: [PATCH] MFC r299491: r299491 (by cem):

route6d(8): Fix potential double-free

In the case that the subsequent sysctl(3) call failed, 'buf' could be free(3)ed
repeatedly.  It isn't clear to me that that case is possible, but be clear and
do the right thing in case it is.

CID:		272537


git-svn-id: svn://svn.freebsd.org/base/stable/10@301789 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 usr.sbin/route6d/route6d.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/route6d/route6d.c b/usr.sbin/route6d/route6d.c
index 053d8728d..287a9b1d9 100644
--- a/usr.sbin/route6d/route6d.c
+++ b/usr.sbin/route6d/route6d.c
@@ -2602,8 +2602,10 @@ krtread(int again)
 			sleep(1);
 		retry++;
 		errmsg = NULL;
-		if (buf)
+		if (buf) {
 			free(buf);
+			buf = NULL;
+		}
 		if (sysctl(mib, 6, NULL, &msize, NULL, 0) < 0) {
 			errmsg = "sysctl estimate";
 			continue;
-- 
2.45.0