From: Vitaliy Makkoveev
Subject: Allow listen(2) only on sockets of type SOCK_STREAM or SOCK_SEQPACKET
To: tech@openbsd.org, Alexander Bluhm
Date: Sun, 31 Mar 2024 16:05:57 +0300

Syzkaller found that SOCK_DGRAM could become a listening socket, which is wrong.

1. https://syzkaller.appspot.com/bug?extid=00450333592fcd38c6fe

Index: sys/kern/uipc_socket.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.323 diff -u -p -r1.323 uipc_socket.c --- sys/kern/uipc_socket.c 27 Mar 2024 22:47:53 -0000 1.323 +++ sys/kern/uipc_socket.c 31 Mar 2024 13:04:01 -0000 @@ -231,6 +231,14 @@ solisten(struct socket *so, int backlog) int sominconn_local = READ_ONCE(sominconn); int error; + switch (so->so_type) { + case SOCK_STREAM: + case SOCK_SEQPACKET: + break; + default: + return (EOPNOTSUPP); + } + soassertlocked(so); if (so->so_state & (SS_ISCONNECTED|SS_ISCONNECTING|SS_ISDISCONNECTING))
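
Review bot: In the solisten() hunk the new switch on so->so_type sits above soassertlocked(so), so the default: return (EOPNOTSUPP) path leaves the function without ever asserting that the caller holds the socket lock. Consider moving the switch below soassertlocked(so) so a caller that forgot the lock is caught regardless of socket type. If reading so_type without the lock is intentional, a short comment saying so would make that clear to later readers. A one-line comment on why only SOCK_STREAM and SOCK_SEQPACKET are accepted would also help, since the default case silently covers every other type, not just the SOCK_DGRAM case from the syzkaller report.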