| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Jan 2022 22:39:19 +0100
From: Marcel Holtmann <marcel@...tmann.org>
To: Soenke Huster <soenke.huster@...oes.de>
Cc: Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
BlueZ <linux-bluetooth@...r.kernel.org>,
"open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: msft: fix null pointer deref on
msft_monitor_device_evt
Hi Soenke,
> msft_find_handle_data returns NULL if it can't find the handle.
> Therefore, handle_data must be checked, otherwise a null pointer
> is dereferenced.
>
> Signed-off-by: Soenke Huster <soenke.huster@...oes.de>
> ---
> net/bluetooth/msft.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/bluetooth/msft.c b/net/bluetooth/msft.c
> index 484540855863..d2cf92e834f7 100644
> --- a/net/bluetooth/msft.c
> +++ b/net/bluetooth/msft.c
> @@ -705,6 +705,9 @@ static void msft_monitor_device_evt(struct hci_dev *hdev, struct sk_buff *skb)
>
> handle_data = msft_find_handle_data(hdev, ev->monitor_handle, false);
>
scrap this empty line. The check can got right after the assignment.
> + if (!handle_data)
> + return;
> +
> switch (ev->addr_type) {
> case ADDR_LE_DEV_PUBLIC:
> addr_type = BDADDR_LE_PUBLIC;
Regards
Marcel
Powered by blists - more mailing lists