[ipfw] Fix memory leak when parsing ipv6

lib/ipfw/ipv6.c

@@ -338,6 +338,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 {
 	int len = 0;
 	struct in6_addr *d = &(cmd->addr6);
+	char *av1;
 	/*
 	 * Needed for multiple address.
 	 * Note d[1] points to struct in6_add r mask6 of cmd
@@ -375,7 +376,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 		return (1);
 	}
 
-	av = strdup(av);
+	av1 = av = strdup(av);
 	while (av) {
 		/*
 		 * After the address we can have '/' indicating a mask,
@@ -451,7 +452,7 @@ fill_ip6(ipfw_insn_ip6 *cmd, char *av, int cblen)
 	if (len + 1 > F_LEN_MASK)
 		errx(EX_DATAERR, "address list too long");
 	cmd->o.len |= len+1;
-	free(av);
+	free(av1);
 	return (1);
 }