From 883cd89b05a4fbf2834ff5410573cd3165a4c248 Mon Sep 17 00:00:00 2001
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Fri, 2 Feb 2018 07:39:34 +0000
Subject: [PATCH] Merge r1.120 from NetBSD:   Fix a pretty simple, yet pretty
 tragic typo: we should return IPPROTO_DONE,   not IPPROTO_NONE. With
 IPPROTO_NONE we will keep parsing the header chain   on an mbuf that was
 already freed.

Reported by:	Maxime Villard <max at m00nbsd dot net>
MFC after:	3 days
---
 sys/netinet6/ip6_mroute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
index aa3269d493d..524d35a27d9 100644
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -1857,7 +1857,7 @@ pim6_input(struct mbuf **mp, int *offp, int proto)
 			    "of the inner packet",
 			    (eip6->ip6_vfc & IPV6_VERSION));
 			m_freem(m);
-			return (IPPROTO_NONE);
+			return (IPPROTO_DONE);
 		}
 
 		/* verify the inner packet is destined to a mcast group */