CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/05/27 02:28:35
Modified files:
usr.sbin/bgpd : rde_rib.c
Log message:
Move pt_unref() after the RB_REMOVE() call in rib_remove() to
prevent use-after-free.
rib_remove calls pt_unref() before the RB_REMOVE() call which also uses
re_rib(). re_rib() evaluates re->prefix but pt_unref() could free the
prefix if the refcount drops to 0.
Reported by 7Asecurity
OK tb@
