The sock_copy() function uses memcpy() to clone the socket,
including the struct ip_mc_socklist *mc_list pointer.
The ip_mc_drop_socket() function is called when the socket is closed
to free these objects, leaving the other sockets cloned from the
same master socket with invalid pointers.
This patch sets the mc_list of the cloned socket to NULL.
Signed-off-by: Flavio Leitner <[EMAIL PROTECTED]>
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index fbe7714..8ee0f54 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -506,6 +506,8 @@ struct sock *inet_csk_clone(struct sock *sk, const struct
request_sock *req,
newicsk->icsk_backoff = 0;
newicsk->icsk_probes_out = 0;
+ inet_sk(inet)->mc_list = NULL;
+
/* Deinitialize accept_queue to trap illegal accesses. */
memset(&newicsk->icsk_accept_queue, 0,
sizeof(newicsk->icsk_accept_queue));
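Review bot: the added line `inet_sk(inet)->mc_list = NULL;` passes `inet` to inet_sk(), but no variable of that name appears in the visible context: the function's parameters are `sk` and `req`, and the clone is reached through `newicsk`. The commit message says the pointer to clear is the one in the cloned socket, so the argument should be the clone's struct sock pointer; as written, this either fails to compile or clears the field on some object other than the clone, leaving the stale mc_list pointer that ip_mc_drop_socket() later frees. A one-line comment above the assignment, in the style of the "Deinitialize accept_queue" comment that follows it, would also record why the memcpy()'d pointer must not be inherited.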
--
1.5.2.4
--
Flavio