On Mon, Mar 13, 2023 at 05:03:46PM +0800, Jiasheng Jiang wrote:
> Add the check for the return value of skb_clone since it may return NULL
> pointer and cause NULL pointer dereference in send_pkt.
>
> Fixes: 18722c247023 ("Bluetooth: Enable 6LoWPAN support for BT LE devices")
> Signed-off-by: Jiasheng Jiang <jiasheng@xxxxxxxxxxx>
> ---
> net/bluetooth/6lowpan.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c
> index 4eb1b3ced0d2..bf42a0b03e20 100644
> --- a/net/bluetooth/6lowpan.c
> +++ b/net/bluetooth/6lowpan.c
> @@ -477,6 +477,10 @@ static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
> int ret;
>
> local_skb = skb_clone(skb, GFP_ATOMIC);
> + if (!local_skb) {
> + rcu_read_unlock();
> + return -ENOMEM;
> + }
Further down in this loop an error is handled as follows,
I wonder if that pattern is appropriate here too.
ret = send_pkt(pentry->chan, local_skb, netdev);
if (ret < 0)
err = ret;
> BT_DBG("xmit %s to %pMR type %u IP %pI6c chan %p",
> netdev->name,
> --
> 2.25.1
>
