The sock_copy() function uses memcpy() to clone the socket including the struct ip_mc_socklist *mc_list pointer.
The ip_mc_drop_socket() function is called when the socket is closed to free these objects, leaving the other sockets cloned from the same master socket with invalid pointers. This patch sets mc_list of the cloned socket to NULL. Signed-off-by: Flavio Leitner <[EMAIL PROTECTED]> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index fbe7714..8ee0f54 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -506,6 +506,8 @@ struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req, newicsk->icsk_backoff = 0; newicsk->icsk_probes_out = 0; + inet_sk(inet)->mc_list = NULL; + /* Deinitialize accept_queue to trap illegal accesses. */ memset(&newicsk->icsk_accept_queue, 0, sizeof(newicsk->icsk_accept_queue)); -- 1.5.2.4 -- Flavio
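Review bot: the added line "inet_sk(inet)->mc_list = NULL;" takes an argument named inet, but nothing by that name appears in the visible signature of inet_csk_clone() (its parameters are sk and req) or in the context lines, which all operate on newicsk. Since the commit message says the pointer must be cleared on the clone, please check that the argument is the newly cloned socket (the object newicsk was derived from) and not the parent sk, otherwise the clone keeps the memcpy()'d mc_list and the dangling pointer described above remains. A one-line comment above the assignment, in the style of the "Deinitialize accept_queue" comment that follows it, stating that mc_list belongs to the listening socket and is freed by ip_mc_drop_socket() on close, would make the intent clear to later readers.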