UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

When adding "net/ulp: prevent ULP without clone op from entering the LISTEN status" code which changed the error code variable was added. However, without a different v6.2 change which lets ->get_port() return a proper errno, we rely on the pre-set value or the error variable. Adding this right before the call to make it clear where it is needed. CVE-2023-0461 Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com>
mariux64 · Mar 13, 2023 · 4ac94e3 · 4ac94e3
1 parent 93de819
commit 4ac94e3
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
@@ -1048,7 +1048,7 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
 {
 	struct inet_connection_sock *icsk = inet_csk(sk);
 	struct inet_sock *inet = inet_sk(sk);
-	int err = -EADDRINUSE;
+	int err;
 
 	err = inet_ulp_can_listen(sk);
 	if (unlikely(err))
@@ -1065,6 +1065,8 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
 	 * after validation is complete.
 	 */
 	inet_sk_state_store(sk, TCP_LISTEN);
+	/* get_port does not return an error code, yet */
+	err = -EADDRINUSE;
 	if (!sk->sk_prot->get_port(sk, inet->inet_num)) {
 		inet->inet_sport = htons(inet->inet_num);