qiurui
/
Ubuntu-focal-kernel
mirror of https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bluetooth: MGMT: Add error handling to pair_device() 

BugLink: https://bugs.launchpad.net/bugs/2080595

commit 538fd3921afac97158d4177139a0ad39f056dbb2 upstream.

hci_conn_params_add() never checks for a NULL value and could lead to a NULL
pointer dereference causing a crash.

Fixed by adding error handling in the function.

Cc: Stable <stable@kernel.org>
Fixes: 5157b8a503 ("Bluetooth: Fix initializing conn_params in scan phase")
Signed-off-by: Griffin Kroah-Hartman <griffin@kroah.com>
Reported-by: Yiwei Zhang <zhan4630@purdue.edu>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
This commit is contained in:
Griffin Kroah-Hartman 2024-08-15 13:51:00 +02:00 committed by Stefan Bader
parent 2528121da0
commit 0c45a14747
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/bluetooth/mgmt.c
View File

@ -2908,6 +2908,10 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
* will be kept and this function does nothing. * will be kept and this function does nothing.
*/ */
p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type); p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
if (!p) {
err = -EIO;
goto unlock;
}
if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT) if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
p->auto_connect = HCI_AUTO_CONN_DISABLED; p->auto_connect = HCI_AUTO_CONN_DISABLED;