[SRU K/J][PATCH 1/1] UBUNTU: SAUCE: Fix inet_csk_listen_start after CVE-2023-0461
Andy Whitcroft
apw at canonical.com
Fri Feb 3 13:57:12 UTC 2023
On Fri, Feb 3, 2023 at 10:58 AM Stefan Bader <stefan.bader at canonical.com> wrote:
>
> When adding "net/ulp: prevent ULP without clone op from entering the
> LISTEN status" code which changed the error code variable was added.
> However, without a different v6.2 change which lets ->get_port() return
> a proper errno, we rely on the pre-set value or the error variable.
> Adding this right before the call to make it clear where it is needed.
>
> CVE-2023-0461
> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> ---
> net/ipv4/inet_connection_sock.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index eb04214bd648..99ee5c973140 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -1050,7 +1050,7 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
> {
> struct inet_connection_sock *icsk = inet_csk(sk);
> struct inet_sock *inet = inet_sk(sk);
> - int err = -EADDRINUSE;
> + int err;
>
> err = inet_ulp_can_listen(sk);
> if (unlikely(err))
> @@ -1067,6 +1067,8 @@ int inet_csk_listen_start(struct sock *sk, int backlog)
> * after validation is complete.
> */
> inet_sk_state_store(sk, TCP_LISTEN);
> + /* get_port does not return an error code, yet */
> + err = -EADDRINUSE;
> if (!sk->sk_prot->get_port(sk, inet->inet_num)) {
> inet->inet_sport = htons(inet->inet_num);
>
> --
> 2.34.1
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list