From c16d674c2d02ebbcbbebe4c52eee8a0b4bcf3676 Mon Sep 17 00:00:00 2001
From: Enji Cooper <ngie@FreeBSD.org>
Date: Tue, 12 Jan 2016 00:20:57 +0000
Subject: [PATCH] Fix a mismerge from NetBSD in r162194 with
 `xdr_rpcb_entry_list_ptr(..)`

This fixes the potential NULL pointer dereference properly, and also fixes
memory leaks encountered in the process of iterating through `*rp`.

MFC after: 1 week
Found by: Valgrind
Reported by: Dan Roberts <dan.roberts@isilon.com>
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
---
 lib/libc/rpc/rpcb_prot.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libc/rpc/rpcb_prot.c b/lib/libc/rpc/rpcb_prot.c
index b793eca31cf5..2b87f347a4c9 100644
--- a/lib/libc/rpc/rpcb_prot.c
+++ b/lib/libc/rpc/rpcb_prot.c
@@ -207,14 +207,14 @@ xdr_rpcb_entry_list_ptr(XDR *xdrs, rpcb_entry_list_ptr *rp)
 		 * the case of freeing we must remember the next object
 		 * before we free the current object ...
 		 */
-		if (freeing)
+		if (freeing && *rp)
 			next = (*rp)->rpcb_entry_next;
 		if (! xdr_reference(xdrs, (caddr_t *)rp,
 		    (u_int)sizeof (rpcb_entry_list),
 				    (xdrproc_t)xdr_rpcb_entry)) {
 			return (FALSE);
 		}
-		if (freeing && *rp) {
+		if (freeing) {
 			next_copy = next;
 			rp = &next_copy;
 			/*