On Wed, Apr 18, 2018 at 05:03:04PM +0200, Florian Obser wrote: > @@ -1158,9 +1158,9 @@ rt_ifa_del(struct ifaddr *ifa, int flags, struct > sockaddr *dst) > error = rtrequest_delete(&info, prio, ifp, &rt, rtableid); > if (error == 0) { > rtm_send(rt, RTM_DELETE, 0, rtableid); > - if (flags & RTF_LOCAL) > - rtm_addr(rt, RTM_DELADDR, ifa); > rtfree(rt); > + if (flags & RTF_LOCAL) > + rtm_addr(RTM_DELADDR, ifa); > } > m_free(m); >
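Review bot: in the `if (error == 0)` block, `rtm_addr(RTM_DELADDR, ifa)` now runs after `rtfree(rt)`, so `ifa` is used after the route's reference to it may already have been released. The new two-argument `rtm_addr()` no longer takes `rt`, so nothing in the visible lines requires the reordering. Keeping the `RTF_LOCAL` check ahead of `rtfree(rt)` and only dropping the `rt` argument would preserve the old lifetime ordering. If the move is intentional, the change should state which reference keeps `ifa` alive across `rtfree()`.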
Why do you change the order of rtfree() and rtm_addr()? Have you checked that the rt->rt_ifa is not holding the last reference to ifa? Otherwise the ifafree() in rtfree() could free it.

bluhm