diff mbox series

[SRU,K/J,1/1] UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461

Message ID 20230203105755.221545-2-stefan.bader@canonical.com
State New
Headers show
Series Fix regression introduced by CVE-2023-0461 fix | expand

Commit Message

Stefan Bader Feb. 3, 2023, 10:57 a.m. UTC 
When adding "net/ulp: prevent ULP without clone op from entering the
LISTEN status" code which changed the error code variable was added.
However, without a different v6.2 change which lets ->get_port() return
a proper errno, we rely on the pre-set value or the error variable.
Adding this right before the call to make it clear where it is needed.

CVE-2023-0461
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 net/ipv4/inet_connection_sock.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Andy Whitcroft Feb. 3, 2023, 1:57 p.m. UTC | #1 
On Fri, Feb 3, 2023 at 10:58 AM Stefan Bader <stefan.bader@canonical.com> wrote:
>
> When adding "net/ulp: prevent ULP without clone op from entering the
> LISTEN status" code which changed the error code variable was added.
> However, without a different v6.2 change which lets ->get_port() return
> a proper errno, we rely on the pre-set value or the error variable.
> Adding this right before the call to make it clear where it is needed.
>
> CVE-2023-0461
> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
> ---
>  net/ipv4/inet_connection_sock.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index eb04214bd648..99ee5c973140 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -1050,7 +1050,7 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
>  {
>         struct inet_connection_sock *icsk = inet_csk(sk);
>         struct inet_sock *inet = inet_sk(sk);
> -       int err = -EADDRINUSE;
> +       int err;
>
>         err = inet_ulp_can_listen(sk);
>         if (unlikely(err))
> @@ -1067,6 +1067,8 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
>          * after validation is complete.
>          */
>         inet_sk_state_store(sk, TCP_LISTEN);
> +       /* get_port does not return an error code, yet */
> +       err = -EADDRINUSE;
>         if (!sk->sk_prot->get_port(sk, inet->inet_num)) {
>                 inet->inet_sport = htons(inet->inet_num);
>
> --
> 2.34.1

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw
diff mbox series

Patch

diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index eb04214bd648..99ee5c973140 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -1050,7 +1050,7 @@  int inet_csk_listen_start(struct sock *sk, int backlog)
 {
 	struct inet_connection_sock *icsk = inet_csk(sk);
 	struct inet_sock *inet = inet_sk(sk);
-	int err = -EADDRINUSE;
+	int err;
 
 	err = inet_ulp_can_listen(sk);
 	if (unlikely(err))
@@ -1067,6 +1067,8 @@  int inet_csk_listen_start(struct sock *sk, int backlog)
 	 * after validation is complete.
 	 */
 	inet_sk_state_store(sk, TCP_LISTEN);
+	/* get_port does not return an error code, yet */
+	err = -EADDRINUSE;
 	if (!sk->sk_prot->get_port(sk, inet->inet_num)) {
 		inet->inet_sport = htons(inet->inet_num);