[SRU K/J][PATCH 1/1] UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461
Stefan Bader
stefan.bader at canonical.com
Fri Feb 3 10:57:55 UTC 2023
When adding "net/ulp: prevent ULP without clone op from entering the
LISTEN status" code which changed the error code variable was added.
However, without a different v6.2 change which lets ->get_port() return
a proper errno, we rely on the pre-set value or the error variable.
Adding this right before the call to make it clear where it is needed.
CVE-2023-0461
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
---
net/ipv4/inet_connection_sock.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index eb04214bd648..99ee5c973140 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -1050,7 +1050,7 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
{
struct inet_connection_sock *icsk = inet_csk(sk);
struct inet_sock *inet = inet_sk(sk);
- int err = -EADDRINUSE;
+ int err;
err = inet_ulp_can_listen(sk);
if (unlikely(err))
@@ -1067,6 +1067,8 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
* after validation is complete.
*/
inet_sk_state_store(sk, TCP_LISTEN);
+ /* get_port does not return an error code, yet */
+ err = -EADDRINUSE;
if (!sk->sk_prot->get_port(sk, inet->inet_num)) {
inet->inet_sport = htons(inet->inet_num);
--
2.34.1
More information about the kernel-team
mailing list