On 7/30/07, David Miller <[EMAIL PROTECTED]> wrote: > From: Flavio Leitner <[EMAIL PROTECTED]> > Date: Mon, 30 Jul 2007 13:04:48 -0300 > > > > > The sock_copy() function uses memcpy() to clone the socket > > including the struct ip_mc_socklist *mc_list pointer. > > > > The ip_mc_drop_socket() function is called when socket is closed > > to free these objects leaving the other sockets cloned from the > > same master socket with invalid pointers. > > > > This patch sets mc_list of cloned socket to NULL. > > > > Signed-off-by: Flavio Leitner <[EMAIL PROTECTED]> > > Allowing non-datagram sockets to end up with a non-NULL inet->mc_list > in the first place is a bug. > > Multicast subscriptions cannot even be used with TCP and DCCP, which > are the only two users of these connection oriented socket functions. > > The first thing that TCP and DCCP do, in fact, for input packet > processing is drop the packet if it is not unicast. > > Therefore the fix really is for the inet layer to reject multicast > subscription requests on sockets for which that absolutely does not > make sense. There is no reason these functions in > inet_connection_sock.c should need to be mindful of multicast > state. :-)
Well, we can add a BUG_ON there then 8) Flavio, take a look at do_ip_setsockopt in net/ipv4/ip_sockglue.c, in the IP_{ADD,DROP}_MEMBERSHIP labels. Don't forget IPV6 (net/ipv6/ipv6_sockglue.c) - Arnaldo - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html