From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 26 Aug 2024 07:34:49 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v6.1.107~57
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=18923399424922129f1d2b60a056f7efb3521277;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	bluetooth-mgmt-add-error-handling-to-pair_device.patch
---

diff --git a/queue-5.10/bluetooth-mgmt-add-error-handling-to-pair_device.patch b/queue-5.10/bluetooth-mgmt-add-error-handling-to-pair_device.patch
new file mode 100644
index 00000000000..a8399e9b873
--- /dev/null
+++ b/queue-5.10/bluetooth-mgmt-add-error-handling-to-pair_device.patch
@@ -0,0 +1,37 @@
+From 538fd3921afac97158d4177139a0ad39f056dbb2 Mon Sep 17 00:00:00 2001
+From: Griffin Kroah-Hartman <griffin@kroah.com>
+Date: Thu, 15 Aug 2024 13:51:00 +0200
+Subject: Bluetooth: MGMT: Add error handling to pair_device()
+
+From: Griffin Kroah-Hartman <griffin@kroah.com>
+
+commit 538fd3921afac97158d4177139a0ad39f056dbb2 upstream.
+
+hci_conn_params_add() never checks for a NULL value and could lead to a NULL
+pointer dereference causing a crash.
+
+Fixed by adding error handling in the function.
+
+Cc: Stable <stable@kernel.org>
+Fixes: 5157b8a503fa ("Bluetooth: Fix initializing conn_params in scan phase")
+Signed-off-by: Griffin Kroah-Hartman <griffin@kroah.com>
+Reported-by: Yiwei Zhang <zhan4630@purdue.edu>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/mgmt.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/bluetooth/mgmt.c
++++ b/net/bluetooth/mgmt.c
+@@ -2962,6 +2962,10 @@ static int pair_device(struct sock *sk,
+ 		 * will be kept and this function does nothing.
+ 		 */
+ 		p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
++		if (!p) {
++			err = -EIO;
++			goto unlock;
++		}
+ 
+ 		if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
+ 			p->auto_connect = HCI_AUTO_CONN_DISABLED;
diff --git a/queue-5.10/series b/queue-5.10/series
index 9f9758a2baf..2def7b68148 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -106,3 +106,4 @@ net-xilinx-axienet-fix-dangling-multicast-addresses.patch
 drm-msm-dpu-don-t-play-tricks-with-debug-macros.patch
 drm-msm-dp-reset-the-link-phy-params-before-link-tra.patch
 mmc-mmc_test-fix-null-dereference-on-allocation-fail.patch
+bluetooth-mgmt-add-error-handling-to-pair_device.patch