| author | Griffin Kroah-Hartman <griffin@kroah.com> | 2024-08-15 13:51:00 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-09-04 13:15:01 +0200 |
| commit | 90e1ff1c15e5a8f3023ca8266e3a85869ed03ee9 (patch) | |
| tree | 8e1247ca115977f01798898326d14e4f83456d57 | |
| parent | 2b507b03991f44dfb202fc2a82c9874d1b1f0c06 (diff) | |

Bluetooth: MGMT: Add error handling to pair_device()

commit 538fd3921afac97158d4177139a0ad39f056dbb2 upstream.

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.

Cc: Stable <stable@kernel.org>
Fixes: 5157b8a503fa ("Bluetooth: Fix initializing conn_params in scan phase")
Signed-off-by: Griffin Kroah-Hartman <griffin@kroah.com>
Reported-by: Yiwei Zhang <zhan4630@purdue.edu>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

| -rw-r--r-- | net/bluetooth/mgmt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 0ae5d3cab4dc..2706e238ca44 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -2908,6 +2908,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data, * will be kept and this function does nothing. */ p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); + if (!p) { + err = -EIO; + goto unlock; + } if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) p->auto_connect = HCI_AUTO_CONN_DISABLED; |
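
Review bot: The new `if (!p)` branch in pair_device() returns a bare `-EIO`, which does not tell the caller why hci_conn_params_add() produced no entry. If NULL from that helper means the allocation failed, `-ENOMEM` would describe the failure more accurately. Either way, the choice of errno deserves a short comment or a sentence in the commit message. The message also says hci_conn_params_add() "never checks for a NULL value", while the check is added in the caller, on the helper's return value, just before the `p->auto_connect` dereference. Rewording it to say that pair_device() did not check the return value would match the code. Please also confirm that everything acquired before this point is released at `unlock`, and that leaving through `goto unlock` without sending a management reply is the intended behaviour for this command, since the new path skips the rest of the function.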
