All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] Bluetooth: Fix possible NULL pointer dereference
@ 2011-09-23  8:01 Waldemar Rymarkiewicz
  2011-09-23  8:05 ` Marcel Holtmann
  2011-09-29 18:48 ` Gustavo Padovan
  0 siblings, 2 replies; 4+ messages in thread
From: Waldemar Rymarkiewicz @ 2011-09-23  8:01 UTC (permalink / raw)
  To: linux-bluetooth
  Cc: Marcel Holtmann, padovan, Johan Hedberg, Waldemar Rymarkiewicz,
	Waldemar Rymarkiewicz

Checking conn->pending_sec_level if there is no connection leads to potential
null pointer dereference. Don't process pin_code_request_event at all if no
connection exists.

Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@gmail.com>
---
 net/bluetooth/hci_event.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a520787..10a4569 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -2175,7 +2175,10 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
 	hci_dev_lock(hdev);
 
 	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
-	if (conn && conn->state == BT_CONNECTED) {
+	if (!conn)
+		goto unlock;
+
+	if (conn->state == BT_CONNECTED) {
 		hci_conn_hold(conn);
 		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
 		hci_conn_put(conn);
@@ -2195,6 +2198,7 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
 		mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
 	}
 
+unlock:
 	hci_dev_unlock(hdev);
 }
 
-- 
1.7.6.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] Bluetooth: Fix possible NULL pointer dereference
  2011-09-23  8:01 [PATCH v2] Bluetooth: Fix possible NULL pointer dereference Waldemar Rymarkiewicz
@ 2011-09-23  8:05 ` Marcel Holtmann
  2011-09-29  7:58   ` Rymarkiewicz Waldemar
  2011-09-29 18:48 ` Gustavo Padovan
  1 sibling, 1 reply; 4+ messages in thread
From: Marcel Holtmann @ 2011-09-23  8:05 UTC (permalink / raw)
  To: Waldemar Rymarkiewicz
  Cc: linux-bluetooth, padovan, Johan Hedberg, Waldemar Rymarkiewicz

Hi Waldemar,

> Checking conn->pending_sec_level if there is no connection leads to potential
> null pointer dereference. Don't process pin_code_request_event at all if no
> connection exists.
> 
> Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@gmail.com>

Acked-by: Marcel Holtmann <marcel@holtmann.org>

Regards

Marcel



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] Bluetooth: Fix possible NULL pointer dereference
  2011-09-23  8:05 ` Marcel Holtmann
@ 2011-09-29  7:58   ` Rymarkiewicz Waldemar
  0 siblings, 0 replies; 4+ messages in thread
From: Rymarkiewicz Waldemar @ 2011-09-29  7:58 UTC (permalink / raw)
  To: padovan; +Cc: linux-bluetooth

Gustavo,

>>
>> Signed-off-by: Waldemar Rymarkiewicz<waldemar.rymarkiewicz@gmail.com>
>
> Acked-by: Marcel Holtmann<marcel@holtmann.org>
>

Will you apply this patch?

Thanks,
/Waldek

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] Bluetooth: Fix possible NULL pointer dereference
  2011-09-23  8:01 [PATCH v2] Bluetooth: Fix possible NULL pointer dereference Waldemar Rymarkiewicz
  2011-09-23  8:05 ` Marcel Holtmann
@ 2011-09-29 18:48 ` Gustavo Padovan
  1 sibling, 0 replies; 4+ messages in thread
From: Gustavo Padovan @ 2011-09-29 18:48 UTC (permalink / raw)
  To: Waldemar Rymarkiewicz
  Cc: linux-bluetooth, Marcel Holtmann, Johan Hedberg, Waldemar Rymarkiewicz

Hi Waldemar,

* Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> [2011-09-23 10:01:30 +0200]:

> Checking conn->pending_sec_level if there is no connection leads to potential
> null pointer dereference. Don't process pin_code_request_event at all if no
> connection exists.
> 
> Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@gmail.com>
> ---
>  net/bluetooth/hci_event.c |    6 +++++-
>  1 files changed, 5 insertions(+), 1 deletions(-)

Applied, thanks.

	Gustavo

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-09-29 18:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-09-23  8:01 [PATCH v2] Bluetooth: Fix possible NULL pointer dereference Waldemar Rymarkiewicz
2011-09-23  8:05 ` Marcel Holtmann
2011-09-29  7:58   ` Rymarkiewicz Waldemar
2011-09-29 18:48 ` Gustavo Padovan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.