Hi,

there seems to be a nullptr dereference in if_hooks_run.
When the inner while loop is exited because 't == NULL' the next
line is an access to 't->t_func'.
Because 't==NULL' means the TAILQ is fully traversed, I think we
should break and exit instead.

ok?

Index: if.c
===================================================================
RCS file: /mount/openbsd/cvs/src/sys/net/if.c,v
retrieving revision 1.600
diff -u -p -r1.600 if.c
--- if.c        24 Jan 2020 05:14:51 -0000      1.600
+++ if.c        9 Mar 2020 21:25:06 -0000
@@ -1055,6 +1055,8 @@ if_hooks_run(struct task_list *hooks)
                        if (t == NULL)
                                break;
                }
+               if (t == NULL)
+                       break;
                func = t->t_func;
                arg = t->t_arg;
 
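
Review bot: the added `if (t == NULL) break;` in front of `func = t->t_func;` repeats the test that has just ended the inner loop, and nothing in the hunk says why a second break is needed. A one-line comment (for example that t == NULL means the end of the list was reached) would make the intent clear, or the loop could be restructured so the end-of-list case is tested once. The new break also leaves the enclosing loop early, and the code after that loop is not visible in this hunk, so it is worth confirming that whatever cleanup follows the loop is correct when reached on this path.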
