Subject: netinet/tcp_subr.c:tcp_respond() bug ?
To: None <tech-kern@netbsd.org>
From: Jaromir Dolecek <dolecek@ics.muni.cz>
List: tech-kern
Date: 11/03/1999 13:54:35
Hi,
if an unsupported family is used, the code might do a null pointer dereference
in the m != 0 case (th isn't initialized in that case in the switch(family) code).
Is it really as it seems or do I miss something? Furthermore, the code
"pacifies gcc" by setting ip, ip6 & th to NULL - that is just bogus, it leads
to a NULL pointer dereference later. It should return EAFNOSUPPORT in that
case IMHO.

IMHO the code should be changed as in the following patch. Is it correct,
or did I overlook something obvious?

Index: tcp_subr.c
===================================================================
RCS file: /cvsroot/syssrc/sys/netinet/tcp_subr.c,v
retrieving revision 1.81
diff -u -p -r1.81 tcp_subr.c
--- tcp_subr.c	1999/09/23 04:02:27	1.81
+++ tcp_subr.c	1999/11/03 12:47:05
@@ -438,13 +438,8 @@ tcp_respond(tp, template, m, th0, ack, s
 			th = (struct tcphdr *)(ip6 + 1);
 			break;
 #endif
-		default:	/*pacify gcc*/
-			ip = NULL;
-#ifdef INET6
-			ip6 = NULL;
-#endif
-			th = NULL;
-			break;
+		default:
+			return EAFNOSUPPORT;
 		}
 		flags = TH_ACK;
 	} else {
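Review bot: the new default arm returns without freeing m, whereas the other two default arms in this patch call m_freem(m) first; this switch sits in the arm of the if/else (the one that ends at the `} else {` above) where tcp_respond() has just obtained its own mbuf because none was passed in, so returning here leaks that mbuf. Suggest `m_freem(m);` before `return EAFNOSUPPORT;`, matching the second and third hunks.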
@@ -461,8 +456,7 @@ tcp_respond(tp, template, m, th0, ack, s
 			break;
 #endif
 		default:
-			if (m)
-				m_freem(m);
+			m_freem(m);
 			return EAFNOSUPPORT;
 		}
 
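Review bot: dropping the `if (m)` guard is only safe because this switch is in the else arm of the m == 0 test, where m is known non-NULL; on its own the hunk reads as removing a NULL check, so that reasoning should go into the commit message. The unconditional `m_freem(m);` followed by `return EAFNOSUPPORT;` is otherwise the same error path the original already took.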
@@ -493,6 +487,9 @@ tcp_respond(tp, template, m, th0, ack, s
 			ip6->ip6_nxt = IPPROTO_TCP;
 			break;
 #endif
+		default:
+			m_freem(m);
+			return EAFNOSUPPORT;
 		}
 		*th = *th0;
 		xchg(th->th_dport, th->th_sport, u_int16_t);
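Review bot: with the two earlier switches now rejecting unknown families before control reaches this point, this default arm is unreachable and acts as a defensive guard; a one-line comment saying so would keep a later reader from treating it as a live error path. Freeing m here is consistent with the second hunk, but it means a caller-supplied m is consumed on EAFNOSUPPORT as well as on success; that ownership rule is worth stating in the function's comment so callers do not free it again.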
Jaromir
-- 
Jaromir Dolecek <dolecek@ics.muni.cz>	http://www.ics.muni.cz/~dolecek/
-------------------------------------------------------------------------
It is better never to have been born.  But who among us has such luck?
One in a million, perhaps.
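Added example, not code from the NetBSD source or from the mail above: a reduced model of the tcp_respond() family dispatch with a toy mbuf type, so the two properties the patch is about can be exercised outside the kernel. An unsupported family returns an error instead of leaving a NULL header pointer for a later dereference, and the error path frees the mbuf whether it was allocated inside the function or handed in by the caller. The family codes, errno value, struct and helper names (tmbuf, tm_get, tm_free, respond, respond_leaks) are all constructed for this model.

```c
/*
 * Added example modelling tcp_respond()'s family dispatch. Every name and
 * constant below is constructed for the model; none comes from the kernel.
 */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define AF_INET_X      2    /* constructed family codes, not the real constants */
#define AF_INET6_X     24
#define EAFNOSUPPORT_X 47   /* constructed stand-in for EAFNOSUPPORT */

/* Toy stand-in for an mbuf: a fixed buffer and the header length in use. */
struct tmbuf {
    unsigned char data[128];
    size_t        len;
};

/* Leak detector for the tests: allocations minus frees. */
static int live_mbufs;

static struct tmbuf *tm_get(void)
{
    struct tmbuf *m = calloc(1, sizeof(*m));
    if (m != NULL)
        live_mbufs++;
    return m;
}

static void tm_free(struct tmbuf *m)
{
    if (m != NULL) {
        live_mbufs--;
        free(m);
    }
}

/*
 * Lay out a minimal network header plus a 20-byte TCP header carrying
 * th_flags, then hand the buffer to the (modelled) output path, which
 * consumes it. Returns 0 or an errno-style value. Mirrors the patched
 * shape: the default arm frees the mbuf and returns an error instead of
 * setting the header pointers to NULL and carrying on.
 */
int respond(int family, struct tmbuf *m, unsigned char th_flags)
{
    size_t nethdr;           /* size of the network header before TCP */
    unsigned char *th;

    if (m == NULL) {         /* caller supplied nothing: allocate our own */
        m = tm_get();
        if (m == NULL)
            return ENOBUFS;
    }

    switch (family) {
    case AF_INET_X:  nethdr = 20; break;
    case AF_INET6_X: nethdr = 40; break;
    default:
        tm_free(m);          /* release m whichever path produced it */
        return EAFNOSUPPORT_X;
    }

    m->len = nethdr + 20;    /* fixed-size TCP header, no options */
    memset(m->data, 0, m->len);
    th = m->data + nethdr;
    th[13] = th_flags;       /* th_flags lives at offset 13 of a tcphdr */

    tm_free(m);              /* stand-in for passing m to ip_output() */
    return 0;
}

/* Test helper: run respond() and report (1/0) whether a buffer leaked. */
int respond_leaks(int family, int supply_mbuf)
{
    struct tmbuf *m = supply_mbuf ? tm_get() : NULL;
    (void)respond(family, m, 0x10);
    return live_mbufs != 0;
}
```

The point of the leak counter is that the error path is checked in both ownership situations the real function has: an mbuf the function allocated itself and one the caller passed in. If the default arm only returned, the first case would leak; if it only freed caller-owned buffers, the second would be inconsistent with the success path, which also consumes m.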