Fix add_rtattr_addr.

The second argument to RTA_NEXT was missing a dereference, so it was
changing the pointer rather than the integer pointed to. I got this
assertion failure with an IPv6 link-local address:

nmap: netutil.cc:3048: void add_rtattr_addr(nlmsghdr*, rtattr**, unsigned int*, unsigned char, const sockaddr_storage*): Assertion `((*len) >= (int)sizeof(struct rtattr) && (*rtattr)->rta_len >= sizeof(struct rtattr) && (*rtattr)->rta_len <= (*len))' failed.

libnetutil/netutil.cc

@@ -3035,7 +3035,7 @@ static void add_rtattr_addr(struct nlmsghdr *nlmsg,
   assert(RTA_OK(*rtattr, *len));
   memcpy(RTA_DATA(*rtattr), addr, addrlen);
   nlmsg->nlmsg_len = NLMSG_ALIGN(nlmsg->nlmsg_len) + (*rtattr)->rta_len;
-  *rtattr = RTA_NEXT(*rtattr, len);
+  *rtattr = RTA_NEXT(*rtattr, *len);
 
   /* Specific interface (sin6_scope_id) requested? */
   if (ifindex > 0) {
@@ -3048,7 +3048,7 @@ static void add_rtattr_addr(struct nlmsghdr *nlmsg,
     assert(RTA_OK(*rtattr, *len));
     *(uint32_t *) RTA_DATA(*rtattr) = ifindex;
     nlmsg->nlmsg_len = NLMSG_ALIGN(nlmsg->nlmsg_len) + (*rtattr)->rta_len;
-    *rtattr = RTA_NEXT(*rtattr, len);
+    *rtattr = RTA_NEXT(*rtattr, *len);
   }
 }