From c6770e8c99abade057bee6ef25f3c2e076ebdce1 Mon Sep 17 00:00:00 2001 From: Michael Tuexen Date: Sat, 6 Apr 2024 09:55:46 +0200 Subject: [PATCH] tcp rack: fix memory corruption When in rack_output() jumping to the label out, don't write errno into the log buffer, since the pointer is not initialized. Reported by: Coverity Scan CID: 1523773 Reviewed by: rscheff Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D44647 (cherry picked from commit d902c8f55b8da6902ab45e67ed756cc99f5a9d5a) --- sys/netinet/tcp_stacks/rack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c index c3460e48329..fa3cd2f4f69 100644 --- a/sys/netinet/tcp_stacks/rack.c +++ b/sys/netinet/tcp_stacks/rack.c @@ -22151,12 +22151,12 @@ send: mtu = inp->inp_route.ro_nh->nh_mtu; } #endif /* INET */ - -out: if (lgb) { lgb->tlb_errno = error; lgb = NULL; } + +out: /* * In transmit state, time the transmission and arrange for the * retransmit. In persist state, just set snd_max.
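Review bot: The `if (lgb)` block that now sits above `out:` carries no comment explaining why it must stay ahead of the label, so a later cleanup could move it back under `out:` and reintroduce the write through an uninitialized pointer that the commit message describes. Suggest a short comment on the block, for example `/* lgb is not set on the goto out paths; keep this above out: */`, and consider initializing `lgb` to NULL at its declaration (not visible in this hunk) so the `if (lgb)` guard is meaningful on every path. It is also worth confirming that no `goto out` site can arrive with a valid `lgb`, since those paths now skip both `lgb->tlb_errno = error;` and the `lgb = NULL;` reset.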