From: Sungwoo Kim <iam@sung-woo.kim>
Date: Thu, 2 May 2024 16:09:31 +0000 (-0400)
Subject: Bluetooth: HCI: Fix potential null-ptr-deref
X-Git-Tag: v6.6.31~128
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1f7ebb69c1d65732bcac2fda9d15421f76f01e81;p=thirdparty%2Fkernel%2Fstable.git

Bluetooth: HCI: Fix potential null-ptr-deref

[ Upstream commit d2706004a1b8b526592e823d7e52551b518a7941 ]

Fix potential null-ptr-deref in hci_le_big_sync_established_evt().

Fixes: f777d8827817 (Bluetooth: ISO: Notify user space about failed bis connections)
Signed-off-by: Sungwoo Kim <iam@sung-woo.kim>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 1b4abf8e90f6b..9274d32550493 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -7200,6 +7200,8 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
 			u16 handle = le16_to_cpu(ev->bis[i]);
 
 			bis = hci_conn_hash_lookup_handle(hdev, handle);
+			if (!bis)
+				continue;
 
 			set_bit(HCI_CONN_BIG_SYNC_FAILED, &bis->flags);
 			hci_connect_cfm(bis, ev->status);