From a460ae4b4c15dbf95cc3b7caf08835a019c76d45 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 5 Apr 2006 08:45:59 +0000
Subject: [PATCH] Don't unlock a timewait structure if the pointer is NULL in tcp_timewait(). This corrects a bug (or lack of fixing of a bug) in tcp_input.c:1.295. Submitted by: Kazuaki Oda MFC after: 3 months
---
 sys/netinet/tcp_input.c | 3 ++-
 sys/netinet/tcp_reass.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index ad94e76b7aa8..0532f71b5d9e 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -3272,7 +3272,8 @@ tcp_timewait(tw, to, th, m, tlen)
 return (0);
 drop:
- INP_UNLOCK(tw->tw_inpcb);
+ if (tw != NULL)
+ INP_UNLOCK(tw->tw_inpcb);
 m_freem(m);
 return (0);
 }
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index ad94e76b7aa8..0532f71b5d9e 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -3272,7 +3272,8 @@ tcp_timewait(tw, to, th, m, tlen)
 return (0);
 drop:
- INP_UNLOCK(tw->tw_inpcb);
+ if (tw != NULL)
+ INP_UNLOCK(tw->tw_inpcb);
 m_freem(m);
 return (0);
 }
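Review bot: The new `if (tw != NULL)` guard at the `drop:` label of tcp_timewait() has no comment, so a reader cannot tell which `goto drop` arrives without a timewait structure or what the lock state is on that path. I would put a short comment above it, for example `/* tw may be NULL on some paths to drop; there is no inpcb to unlock then. */`, with the wording checked against the jumps to `drop`, which sit above the hunk and are not visible here. Because this is the TCP input path, the dereference being guarded would presumably have been a kernel NULL-pointer fault reachable from received segments, so it is worth confirming that no other statement after `drop:` touches `tw` and that every non-NULL path really holds the inpcb lock when it gets there. The same remark applies to the identical hunk in sys/netinet/tcp_reass.c.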