[src/trunk]: src/sys/netinet6 Avoid NULL pointer dereference on imm->i6mm_maddr

[ozaki-r <ozaki-r%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/417a8e880977
branches:  trunk
changeset: 319415:417a8e880977
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Tue May 29 04:37:16 2018 +0000

description:
Avoid NULL pointer dereference on imm->i6mm_maddr

diffstat:

 sys/netinet6/in6.c |  8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diffs (31 lines):

diff -r 186f796e0892 -r 417a8e880977 sys/netinet6/in6.c
--- a/sys/netinet6/in6.c        Tue May 29 04:36:47 2018 +0000
+++ b/sys/netinet6/in6.c        Tue May 29 04:37:16 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: in6.c,v 1.266 2018/05/01 07:21:39 maxv Exp $   */
+/*     $NetBSD: in6.c,v 1.267 2018/05/29 04:37:16 ozaki-r Exp $        */
 /*     $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $   */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.266 2018/05/01 07:21:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.267 2018/05/29 04:37:16 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1405,9 +1405,11 @@
     again:
        mutex_enter(&in6_ifaddr_lock);
        while ((imm = LIST_FIRST(&ia->ia6_memberships)) != NULL) {
+               struct in6_multi *in6m = imm->i6mm_maddr;
+               KASSERT(in6m == NULL || in6m->in6m_ifp == ifp);
                LIST_REMOVE(imm, i6mm_chain);
                mutex_exit(&in6_ifaddr_lock);
-               KASSERT(imm->i6mm_maddr->in6m_ifp == ifp);
+
                in6_leavegroup(imm);
                goto again;
        }