From e51a3248ad834ec1b8e697f9d26d693e6efc3295 Mon Sep 17 00:00:00 2001
From: Hiten Pandya <hmp@dragonflybsd.org>
Date: Sat, 11 Oct 2003 11:38:44 +0000
Subject: [PATCH] Correct unsafe use of realloc().

Obtained from:	FreeBSD (KAME commit by Hajimu UMEMOTO)
---
 sbin/ip6fw/ip6fw.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sbin/ip6fw/ip6fw.c b/sbin/ip6fw/ip6fw.c
index b5d406edd4..5ab4ba646a 100644
--- a/sbin/ip6fw/ip6fw.c
+++ b/sbin/ip6fw/ip6fw.c
@@ -49,7 +49,7 @@
  *
  * $Id: ip6fw.c,v 1.1.2.2.2.2 1999/05/14 05:13:50 shin Exp $
  * $FreeBSD: src/sbin/ip6fw/ip6fw.c,v 1.1.2.9 2003/04/05 10:54:51 ume Exp $
- * $DragonFly: src/sbin/ip6fw/ip6fw.c,v 1.4 2003/09/28 14:39:18 hmp Exp $
+ * $DragonFly: src/sbin/ip6fw/ip6fw.c,v 1.5 2003/10/11 11:38:44 hmp Exp $
  */
 
 #include <sys/types.h>
@@ -441,7 +441,7 @@ show_ip6fw(struct ip6_fw *chain)
 void
 list(int ac, char **av)
 {
-	struct ip6_fw *r, *rules;
+	struct ip6_fw *r, *rules, *n;
 	int l,i;
 	unsigned long rulenum;
 	int nalloc, bytes, maxbytes;
@@ -452,10 +452,10 @@ list(int ac, char **av)
 	bytes = nalloc;
 	maxbytes = 65536 * sizeof *rules;
 	while (bytes >= nalloc) {
-		nalloc = nalloc * 2 + 200;
-		bytes = nalloc;
-		if ((rules = realloc(rules, bytes)) == NULL)
+		if ((n = realloc(rules, nalloc * 2 + 200)) == NULL)
 			err(EX_OSERR, "realloc");
+		bytes = nalloc = nalloc * 2 + 200;
+		rules = n;
 		i = getsockopt(s, IPPROTO_IPV6, IPV6_FW_GET, rules, &bytes);
 		if ((i < 0 && errno != EINVAL) || nalloc > maxbytes)
 			err(EX_OSERR, "getsockopt(IPV6_FW_GET)");
-- 
2.41.0