...
The vulnerability occurs because `sk` is initialized to `tun->sk` before checking whether `tun` is equal to `NULL`. Of course, the check should be done first, because the GCC compiler (in this case) optimizes the code and completely removes the `if (!tun)` check, since it is performed after the assignment. As a result, the above vulnerability can result in a null pointer dereference exploit.
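The ordering problem described above, shown next to the corrected ordering. This is an added example, not the driver's code: `struct tun_like`, `struct sock_like`, `poll_vulnerable`, `poll_fixed` and the `POLL_*` values are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's structures (not kernel code). */
struct sock_like { int readable; };
struct tun_like  { struct sock_like *sk; };

#define POLL_ERR 0x8   /* illustrative return values */
#define POLL_IN  0x1

/* BEFORE: sk is loaded from tun->sk ahead of the NULL test. Dereferencing a
 * NULL pointer is undefined behaviour, so an optimizing compiler may assume
 * tun != NULL from that point on and drop the if (!tun) branch entirely. */
unsigned int poll_vulnerable(struct tun_like *tun)
{
    struct sock_like *sk = tun->sk;   /* dereference happens first */

    if (!tun)                         /* may be removed by the optimizer */
        return POLL_ERR;
    return (sk && sk->readable) ? POLL_IN : 0;
}

/* AFTER: test the pointer first, dereference only once it is known valid. */
unsigned int poll_fixed(struct tun_like *tun)
{
    struct sock_like *sk;

    if (!tun)
        return POLL_ERR;
    sk = tun->sk;
    return (sk && sk->readable) ? POLL_IN : 0;
}

int main(void)
{
    struct sock_like s = { 1 };       /* constructed sample input */
    struct tun_like  t = { &s };

    printf("fixed(NULL)       = %#x\n", poll_fixed(NULL));
    printf("fixed(valid)      = %#x\n", poll_fixed(&t));
    printf("vulnerable(valid) = %#x\n", poll_vulnerable(&t));
    /* poll_vulnerable(NULL) is deliberately not called: undefined behaviour. */
    return 0;
}
```

Building with GCC's `-fno-delete-null-pointer-checks` keeps such checks from being optimized away as a backstop, but reordering the check ahead of the dereference is the actual fix.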
...