From 3d5104182c2eb4336905e89aa0d089b67aa746e3 Mon Sep 17 00:00:00 2001
From: John-Mark Gurney <jmg@FreeBSD.org>
Date: Mon, 28 Jun 2021 18:09:14 -0700
Subject: [PATCH] ued may be NULL here which will cause a panic... reproducable
 by simply doing a usbconfig reset on a device which doesn't reset itself
 properly...

---
 sys/dev/usb/net/if_cdce.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/sys/dev/usb/net/if_cdce.c b/sys/dev/usb/net/if_cdce.c
index 64c31896d41..24813ea305e 100644
--- a/sys/dev/usb/net/if_cdce.c
+++ b/sys/dev/usb/net/if_cdce.c
@@ -709,18 +709,18 @@ alloc_transfers:
 	if ((ued == NULL) || (ued->bLength < sizeof(*ued))) {
 		error = USB_ERR_INVAL;
 	} else {
+		/*
+		 * ECM 1.2 doesn't say it excludes the CRC, but states that it's
+		 * normally 1514, which excludes the CRC.
+		 */
+		DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize));
+		if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN))
+			sc->sc_flags |= CDCE_FLAG_VLAN;
+
 		error = usbd_req_get_string_any(uaa->device, NULL, 
 		    eaddr_str, sizeof(eaddr_str), ued->iMacAddress);
 	}
 
-	/*
-	 * ECM 1.2 doesn't say it excludes the CRC, but states that it's
-	 * normally 1514, which excludes the CRC.
-	 */
-	DPRINTF("max segsize: %d\n", UGETW(ued->wMaxSegmentSize));
-	if (UGETW(ued->wMaxSegmentSize) >= (ETHER_MAX_LEN - ETHER_CRC_LEN + ETHER_VLAN_ENCAP_LEN))
-		sc->sc_flags |= CDCE_FLAG_VLAN;
-
 	if (error) {
 		/* fake MAC address */