Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp2532471pxb;
        Sun, 23 Jan 2022 07:39:52 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyoqJQbdNzwryZcbn0ExfZr4dRo4+FSq/DFlERYtMYuVtWrO6W9cXGdRq3wDMEbw3hgUzVJ
X-Received: by 2002:a17:903:11c5:b0:149:a8cf:37da with SMTP id q5-20020a17090311c500b00149a8cf37damr11658159plh.132.1642952391940;
        Sun, 23 Jan 2022 07:39:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1642952391; cv=none;
        d=google.com; s=arc-20160816;
        b=AQ+GbnKTamJk/bvMKZoCDoCEK5M+UT5bsQ08BnMAuZ1GEiUzv2DwKWpsiGB/Hh3K+Q
         f3nKuy5/TZcjN9/SW7D9yIXB+qNtWQp1LU0jSK1R066mLND/ufO8vMyuPfpcMqTqchZQ
         2fEmOczFSIstHPieoLG4pL+ANjvKdT/bK7mSOkINtBgj1Tmor94+gtBUnQWNOZy6jwlJ
         BreErwGFikwSYkzuvljbnvT4YDyyZ0fwHHTjnTHaLyMLGZN9H/FH8lLpH3ptP1KxnQxg
         +VESoZAYd9Pjt07L1OkkwMDv8Om4rTodPgrRO3ksehP3MgjV05Zgq1UlGip9rOOdPgTj
         IHVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version;
        bh=rQChzFOXa+1Mp0QDBaRFhhH0pdB0ggrSnuU2YiM+UrY=;
        b=Od6E+SEAUZjfToPX0HdUSfZiDWnhQxkGbccm1uCa6uFOpH3FzltDFTqGTgDC8khrs0
         hOK15/qHXV7OTKvOAQvrYmf6wbB33hOHVNiaXxGobg3t6Y+q06dESRMPe8xWwbfqMEQv
         oHPjr9kERPLldPoCT6JyW4uXnTHG8XEH/qpYwCLfPjiGs/pYLtTIguxhAL/nCH6H5IXB
         90ZMkOLB6HCTWeojYmgc8Nn8LTqGn3F1uY3ucKUoN3Y3VVu9d9eTr/g/28RgXuZHKH3n
         7euxyaXslm2SnHpDhWi9M6W5tHOGbTm59JQFOmYQARwCiKskiYTib6MpIGJG8ryrx1BV
         zIAQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g22si10200097plq.188.2022.01.23.07.39.40;
        Sun, 23 Jan 2022 07:39:51 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234970AbiAVVjX convert rfc822-to-8bit (ORCPT
        <rfc822;troverman@gmail.com> + 99 others);
        Sat, 22 Jan 2022 16:39:23 -0500
Received: from coyote.holtmann.net ([212.227.132.17]:37835 "EHLO
        mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230339AbiAVVjW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Jan 2022 16:39:22 -0500
Received: from smtpclient.apple (p4fefca45.dip0.t-ipconnect.de [79.239.202.69])
        by mail.holtmann.org (Postfix) with ESMTPSA id 89D17CED30;
        Sat, 22 Jan 2022 22:39:20 +0100 (CET)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.40.0.1.81\))
Subject: Re: [PATCH] Bluetooth: msft: fix null pointer deref on
 msft_monitor_device_evt
From:   Marcel Holtmann <marcel@holtmann.org>
In-Reply-To: <20220122082751.285478-1-soenke.huster@eknoes.de>
Date:   Sat, 22 Jan 2022 22:39:19 +0100
Cc:     Johan Hedberg <johan.hedberg@gmail.com>,
        Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        BlueZ <linux-bluetooth@vger.kernel.org>,
        "open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
        linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8BIT
Message-Id: <5EE35A0B-5B1F-4ABA-986F-15F73A81141C@holtmann.org>
References: <20220122082751.285478-1-soenke.huster@eknoes.de>
To:     Soenke Huster <soenke.huster@eknoes.de>
X-Mailer: Apple Mail (2.3693.40.0.1.81)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Soenke,

> msft_find_handle_data returns NULL if it can't find the handle.
> Therefore, handle_data must be checked, otherwise a null pointer
> is dereferenced.
> 
> Signed-off-by: Soenke Huster <soenke.huster@eknoes.de>
> ---
> net/bluetooth/msft.c | 3 +++
> 1 file changed, 3 insertions(+)
> 
> diff --git a/net/bluetooth/msft.c b/net/bluetooth/msft.c
> index 484540855863..d2cf92e834f7 100644
> --- a/net/bluetooth/msft.c
> +++ b/net/bluetooth/msft.c
> @@ -705,6 +705,9 @@ static void msft_monitor_device_evt(struct hci_dev *hdev, struct sk_buff *skb)
> 
> 	handle_data = msft_find_handle_data(hdev, ev->monitor_handle, false);
> 

scrap this empty line. The check can got right after the assignment.

> +	if (!handle_data)
> +		return;
> +
> 	switch (ev->addr_type) {
> 	case ADDR_LE_DEV_PUBLIC:
> 		addr_type = BDADDR_LE_PUBLIC;

Regards

Marcel