[PATCH] Bluetooth: MGMT: Add error handling to pair_device()

From: Griffin Kroah-Hartman
Date: Thu Aug 15 2024 - 07:51:38 EST

Next message: Marcus Glocker: "Re: [PATCH v3 4/6] arm64: dts: qcom: Add UFS node"
Previous message: Jiri Olsa: "Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)"
Next in thread: patchwork-bot+bluetooth: "Re: [PATCH] Bluetooth: MGMT: Add error handling to pair_device()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.

Reported-by: Yiwei Zhang <zhan4630@xxxxxxxxxx>
Cc: Stable <stable@xxxxxxxxxx>
Fixes: 5157b8a503fa ("Bluetooth: Fix initializing conn_params in scan phase")
Signed-off-by: Griffin Kroah-Hartman <griffin@xxxxxxxxx>
---
net/bluetooth/mgmt.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 40d4887c7f79..25979f4283a6 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -3456,6 +3456,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
* will be kept and this function does nothing.
*/
p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
+ if (!p) {
+ err = -EIO;
+ goto unlock;
+ }

if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
p->auto_connect = HCI_AUTO_CONN_DISABLED;
--
2.46.0

Next message: Marcus Glocker: "Re: [PATCH v3 4/6] arm64: dts: qcom: Add UFS node"
Previous message: Jiri Olsa: "Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)"
Next in thread: patchwork-bot+bluetooth: "Re: [PATCH] Bluetooth: MGMT: Add error handling to pair_device()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]