From: Soenke Huster
To: Marcel Holtmann, Johan Hedberg, Luiz Augusto von Dentz, "David S. Miller", Jakub Kicinski
Cc: Soenke Huster, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] Bluetooth: msft: fix null pointer deref on msft_monitor_device_evt
Date: Sun, 23 Jan 2022 06:57:09 +0100
Message-Id: <20220123055709.7925-1-soenke.huster@eknoes.de>
X-Mailing-List: linux-bluetooth@vger.kernel.org

msft_find_handle_data returns NULL if it can't find the handle. Therefore, handle_data must be checked, otherwise a null pointer is dereferenced.

Signed-off-by: Soenke Huster --- v2: Remove empty line net/bluetooth/msft.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/msft.c b/net/bluetooth/msft.c index 484540855863..9a3d77d3ca86 100644 --- a/net/bluetooth/msft.c +++ b/net/bluetooth/msft.c @@ -704,6 +704,8 @@ static void msft_monitor_device_evt(struct hci_dev *hdev, struct sk_buff *skb) ev->monitor_state, &ev->bdaddr); handle_data = msft_find_handle_data(hdev, ev->monitor_handle, false); + if (!handle_data) + return; switch (ev->addr_type) { case ADDR_LE_DEV_PUBLIC: -- 2.34.1
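
Review bot: the early return added after msft_find_handle_data() in msft_monitor_device_evt() discards the event without leaving any trace. ev->monitor_handle is read from the event itself, so a failed lookup means the controller reported a handle the host has no record of; a bt_dev_warn() that names ev->monitor_handle before the return would make that condition visible when debugging. The commit message also carries no Fixes: tag pointing at the commit that introduced the unchecked dereference, which would help with stable backports.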