From owner-freebsd-net@FreeBSD.ORG  Wed Sep  9 22:54:49 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 183C71065693
	for <freebsd-net@freebsd.org>; Wed,  9 Sep 2009 22:54:49 +0000 (UTC)
	(envelope-from bms@incunabulum.net)
Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com
	[66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id DF1A68FC16
	for <freebsd-net@freebsd.org>; Wed,  9 Sep 2009 22:54:48 +0000 (UTC)
Received: from compute1.internal (compute1.internal [10.202.2.41])
	by gateway1.messagingengine.com (Postfix) with ESMTP id 240D969080;
	Wed,  9 Sep 2009 18:54:47 -0400 (EDT)
Received: from heartbeat2.messagingengine.com ([10.202.2.161])
	by compute1.internal (MEProxy); Wed, 09 Sep 2009 18:54:47 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com;
	h=message-id:date:from:mime-version:to:cc:subject:content-type:content-transfer-encoding;
	s=smtpout; bh=t0qyLM+vI5fD+tF3/5fEv4+/8Qg=;
	b=l3Rnn4UF+2BFyJC1dZPm/acLoLNCn+i17niWL9DrGbcImaM/+AvUwyI+AVLXjkwK9ja1B02WwLas4np8VxTkKrpol52HVbrDB+k/itk9YQ88ovBmcC9VfGD2h9G2Qm992XIY0p57GNVWmnKyoJrPpCTNx7DPUxM7EuMIwDsDW7c=
X-Sasl-enc: cR7RHB5aSVVJAJ1M4UHnLeaVA/O9FpKPD+4v8XD57Pv8 1252536886
Received: from [192.168.123.18]
	(82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254])
	by mail.messagingengine.com (Postfix) with ESMTPSA id 7971C5A55;
	Wed,  9 Sep 2009 18:54:46 -0400 (EDT)
Message-ID: <4AA83230.4070405@incunabulum.net>
Date: Wed, 09 Sep 2009 23:54:40 +0100
From: Bruce Simpson <bms@incunabulum.net>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: stef@memberwebs.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Subject: Re: [patch] Multicast: uninited memory used in filter at
 IP_DROP_MEMBERSHIP + IP_ADD_MEMBERSHIP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2009 22:54:49 -0000

Stef Walter wrote:
> ...
> Patch is attached which fixes the problem. Is this the right approach?
> If not, I hope it helps highlight the problem area.
>   

Good catch; thanks for the fix. I used to depend on imf being 
initialized to NULL in this function, however, I opted to keep the old 
vector-style allocation scheme for in_mfilter and track it with in_multi 
on the socket. If the descriptor slot got recycled, then the imf 
contents will be invalid as you saw.

I think this can probably go right in as-is. I'm supposed to be looking 
at other stuff now, so hopefully syrinx@ can check this in if I don't 
get around to it.

thanks,
BMS