ipsec4_fixup_checksum calls m_pullup, so don't forget to do mtod() again,

to prevent use-after-free.

In fact, the m_pullup call is never reached: it is impossible for 'skip'
to be zero in this function, so add an XXX for now.

sys/netipsec/ipsec_input.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.53 2018/01/23 02:21:49 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.54 2018/01/24 14:01:40 maxv Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.53 2018/01/23 02:21:49 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.54 2018/01/24 14:01:40 maxv Exp $");
 
 /*
  * IPsec input processing.
@@ -370,6 +370,7 @@ cantpull:
 		ip->ip_sum = 0;
 		ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
 	} else {
+		/* XXX this branch is never taken */
 		ip = mtod(m, struct ip *);
 	}
 
@@ -381,6 +382,7 @@ cantpull:
 	m = ipsec4_fixup_checksum(m);
 	if (m == NULL)
 		goto cantpull;
+	ip = mtod(m, struct ip *);
 
 	prot = ip->ip_p;