From: Andrew Lunn <and...@lunn.ch>
Date: Wed, 25 Nov 2015 21:15:36 +0100
> @@ -2126,7 +2126,7 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn
> *imr)
> ASSERT_RTNL();
>
> in_dev = ip_mc_find_dev(net, imr);
> - if (!in_dev) {
> + if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) {
> ret = -ENODEV;
> goto out;
> }
Now, ip_mc_dec_group() below can take a NULL pointer dereference. One example
is if imr_ifindex is specified and the lookup returns NULL in ip_mc_find_dev().
This is so rediculously complicated, just looking at this code breaks something.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
