Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.

Cc: Stable <stable@kernel.org>
Fixes: 5157b8a ("Bluetooth: Fix initializing conn_params in scan phase")
Signed-off-by: Griffin Kroah-Hartman <griffin@kroah.com>
Reported-by: Yiwei Zhang <zhan4630@purdue.edu>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
griffinkh authored and Vudentz committed Aug 15, 2024
1 parent 01bcdf3 commit 7285ef0
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/bluetooth/mgmt.c
Expand Up @@ -3456,6 +3456,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
* will be kept and this function does nothing.
*/
p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
if (!p) {
err = -EIO;
goto unlock;
}

if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
p->auto_connect = HCI_AUTO_CONN_DISABLED;
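
Review bot: In the new "if (!p)" branch, "err = -EIO" does not tell the caller why hci_conn_params_add() returned NULL; if NULL there means an allocation failed, -ENOMEM would describe it better, and a one-line comment on the branch naming the expected failure would help. Because this is a new early exit from pair_device() ahead of the p->auto_connect accesses, please also confirm that "goto unlock" releases everything taken earlier in the function and that returning a bare errno here is consistent with how the other failure paths in pair_device() report errors. Separately, the commit message says hci_conn_params_add() never checks for NULL, while the check being added is in its caller, pair_device(), as the subject line states.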