Please sign in to comment.
dccp/tcp: do not inherit mc_list from parent
syzkaller found a way to trigger double frees from ip_mc_drop_socket() It turns out that leave a copy of parent mc_list at accept() time, which is very bad. Very similar to commit 8b485ce ("tcp: do not inherit fastopen_req from parent") Initial report from Pray3r, completed by Andrey one. Thanks a lot to them ! Signed-off-by: Eric Dumazet <firstname.lastname@example.org> Reported-by: Pray3r <email@example.com> Reported-by: Andrey Konovalov <firstname.lastname@example.org> Tested-by: Andrey Konovalov <email@example.com> Signed-off-by: David S. Miller <firstname.lastname@example.org>
- Loading branch information...