From: Mikel Astiz <mikel.astiz@xxxxxxxxxxxx> The code dereferences a NULL pointer if find_connection() doesn't find an existing connection, which will be the case if the input UUID is invalid or not supported. --- profiles/network/connection.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/profiles/network/connection.c b/profiles/network/connection.c index 84f3dd6..bac3b69 100644 --- a/profiles/network/connection.c +++ b/profiles/network/connection.c @@ -426,7 +426,10 @@ static DBusMessage *local_connect(DBusConnection *conn, id = bnep_service_id(svc); nc = find_connection(peer->connections, id); - if (nc && nc->connect) + if (nc == NULL) + return btd_error_invalid_args(msg); + + if (nc->connect != NULL) return btd_error_busy(msg); err = connection_connect(nc->service); -- 1.8.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
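Review bot: the commit message should name where the NULL dereference actually happens, because the removed line `if (nc && nc->connect)` already guards `nc` and the real crash site is the fall-through call `err = connection_connect(nc->service);` once `nc` is NULL; stating that makes the fix easier to audit. The new early return `if (nc == NULL) return btd_error_invalid_args(msg);` is the right choice for this hunk, since the lookup key `id` is derived from the caller-supplied `svc` UUID via `bnep_service_id(svc)`, so a missing connection reflects bad D-Bus arguments rather than an internal busy state, and it separates the "not found" case from the existing `btd_error_busy` path. One small style point: the rewritten condition `if (nc->connect != NULL)` uses an explicit NULL comparison while the surrounding code in the hunk (`if (nc && ...)`) used the implicit form; either is fine, but keeping the file consistent avoids churn in later diffs.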