From 175b38b9db1d424471b6a9d63269495d4766e56f Mon Sep 17 00:00:00 2001
From: andre <andre@FreeBSD.org>
Date: Wed, 18 Jan 2006 15:05:05 +0000
Subject: Prevent dereferencing a NULL route pointer when trying to update the
 route MTU.

This bug is very difficult to reach and not remotely exploitable.

Found by:	Coverity Prevent(tm)
Coverity ID:	CID162
Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 days
---
 sys/netinet/ip_output.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'sys/netinet/ip_output.c')

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index b8599e6..2124c74 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -790,7 +790,8 @@ passout:
 		 * them, there is no way for one to update all its
 		 * routes when the MTU is changed.
 		 */
-		if ((ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST)) &&
+		if (ro != NULL &&
+		    (ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST)) &&
 		    (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)) {
 			ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu;
 		}
-- 
cgit v1.1