CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/12/15 08:58:01
Modified files:
sys/netinet : igmp.c
Log message:
Syzkaller found a dereference in igmp_leavegroup() where inm->inm_rti
is NULL. It should be set in rti_fill(), but is not if malloc(9)
fails. There is no rollback after malloc failure so the field stays
uninitialized. The code is only called from ioctl, setsockopt or
a task. Malloc should wait instead of failing, otherwise syscalls
would be unreliable. While there also put an M_WAIT in the init
code. During init malloc must not fail.
OK mvs@
Reported-by: [email protected]
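
The failure mode described in the log message, as an added user-space C model (not the OpenBSD source and not part of the commit): a fill routine that returns silently on allocation failure leaves `inm_rti` NULL for the later leave path, while a waiting allocation cannot take that branch. The struct and function names follow the message; `model_malloc`, `rti_fill_model`, `join_then_leave`, `fail_nowait`, the flag values and the `rti_type` value are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model; names mirror the commit message, bodies are constructed. */
enum { M_NOWAIT = 1, M_WAITOK = 2 };   /* stand-ins for the malloc(9) flags */
static int fail_nowait;                /* test knob: simulate memory shortage */

struct router_info { int rti_type; };
struct in_multi { struct router_info *inm_rti; };

/* Model allocator: M_NOWAIT may return NULL, M_WAITOK never does
 * (the kernel sleeps until memory is available; here we just allocate). */
static void *model_malloc(size_t sz, int flags)
{
	if ((flags & M_NOWAIT) && fail_nowait)
		return NULL;
	return calloc(1, sz);
}

/* Shape of the bug: on allocation failure the function returns without
 * setting inm_rti and without telling the caller to roll back. */
static void rti_fill_model(struct in_multi *inm, int flags)
{
	struct router_info *rti = model_malloc(sizeof(*rti), flags);
	if (rti == NULL)
		return;
	rti->rti_type = 2;              /* constructed value */
	inm->inm_rti = rti;
}

/* Join then leave; returns -1 where the kernel would dereference NULL. */
static int join_then_leave(int flags)
{
	struct in_multi inm = { NULL };
	int type;
	rti_fill_model(&inm, flags);
	if (inm.inm_rti == NULL)
		return -1;              /* igmp_leavegroup() would fault here */
	type = inm.inm_rti->rti_type;
	free(inm.inm_rti);
	return type;
}

int main(void)
{
	fail_nowait = 1;
	printf("M_NOWAIT: %d\n", join_then_leave(M_NOWAIT));
	printf("M_WAITOK: %d\n", join_then_leave(M_WAITOK));
	return 0;
}
```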