bgpd: fix use after free bug in rde_reload_done()
rde_reload_done() iterates over all ribs and reloads them. Now if the state is RECONF_DELETE the rib is freed but the code then progresses and accesses rib after the switch statement.

The simplest fix is to use a continue (for the for loop) instead of a break in the RECONF_DELETE case. Another option is to set rib to NULL and then check after the switch statement if rib == NULL.

Fix for CID 492352 and CID 492343
--
:wq Claudio

Index: bgpctl.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v diff -u -p -r1.317 bgpctl.c --- bgpctl.c 10 Mar 2025 14:08:25 -0000 1.317 +++ bgpctl.c 3 Nov 2025 22:01:57 -0000 @@ -1690,7 +1690,7 @@ show_mrt_update(struct ibuf *b, int reqf uint16_t attrlen; uint8_t flags; - ibuf_from_ibuf(&abuf, &attrbuf); + ibuf_from_ibuf(&attrbuf, &abuf); if (ibuf_get_n8(&attrbuf, &flags) == -1 || ibuf_skip(&attrbuf, 1) == -1) goto trunc;
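Review bot: The only hunk shown changes show_mrt_update() in bgpctl.c, not rde_reload_done(), so the break-to-continue change in the RECONF_DELETE case that the message describes is not in this diff and cannot be reviewed from it. Please send the hunk that carries that change. The swap of the ibuf_from_ibuf() arguments at the changed line is also not mentioned in the message; since the following ibuf_get_n8(&attrbuf, &flags) and ibuf_skip(&attrbuf, 1) calls consume attrbuf, the argument order decides whether they parse the attribute data or an unset buffer, so if this change is intended it should go in as its own diff with a message that states which argument is the source and which is the destination.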