From d54a28ed6ca2798ebac1ed8809da7d296039e4f0 Mon Sep 17 00:00:00 2001
From: mitmitmitm <ois@oasd8i.at>
Date: Wed, 27 Sep 2023 12:29:18 +0200
Subject: [PATCH] [ipfw] Fix memory leak when parsing ipv6

---
 lib/ipfw/ipv6.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/ipfw/ipv6.c b/lib/ipfw/ipv6.c
index 0871a8899..f656333ed 100644
--- a/lib/ipfw/ipv6.c
+++ b/lib/ipfw/ipv6.c
@@ -338,6 +338,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 {
 	int len = 0;
 	struct in6_addr *d = &(cmd->addr6);
+	char *av1;
 	/*
 	 * Needed for multiple address.
 	 * Note d[1] points to struct in6_add r mask6 of cmd
@@ -375,7 +376,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 		return (1);
 	}
 
-	av = strdup(av);
+	av1 = av = strdup(av);
 	while (av) {
 		/*
 		 * After the address we can have '/' indicating a mask,
@@ -451,7 +452,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 	if (len + 1 > F_LEN_MASK)
 		errx(EX_DATAERR, "address list too long");
 	cmd->o.len |= len+1;
-	free(av);
+	free(av1);
 	return (1);
 }