Bluetooth: host: missing `NULL` check in `bt_le_create_conn_cancel` #85301

JordanYates · 2025-02-06T12:25:32Z

Describe the bug

Due to a missing NULL check in bt_le_create_conn_cancel a NULL pointer can be provided to bt_hci_cmd_state_set_init, causing a fault.

zephyr/subsys/bluetooth/host/hci_core.c

Lines 860 to 862 in b6c8212

    
           buf = bt_hci_cmd_create(BT_HCI_OP_LE_CREATE_CONN_CANCEL, 0); 
        
           bt_hci_cmd_state_set_init(buf, &state, bt_dev.flags,

Expected behavior

Return value of bt_hci_cmd_create should be checked before use.

Impact

Program faults

Environment (please complete the following information):

Zephyr v3.7.0
Zephyr v4.0.0

The text was updated successfully, but these errors were encountered:

JordanYates added the bug The issue is a bug, or the PR is fixing a bug label Feb 6, 2025

JordanYates mentioned this issue Feb 6, 2025

bluetooth: host: hci_core: add missing NULL check #85299

Open

henrikbrixandersen added area: Bluetooth area: Bluetooth Host Bluetooth Host (excluding BR/EDR) labels Feb 7, 2025

zephyrbot assigned jhedberg and alwa-nordic Feb 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bluetooth: host: missing `NULL` check in `bt_le_create_conn_cancel` #85301

Bluetooth: host: missing `NULL` check in `bt_le_create_conn_cancel` #85301

JordanYates commented Feb 6, 2025

Bluetooth: host: missing NULL check in bt_le_create_conn_cancel #85301

Bluetooth: host: missing NULL check in bt_le_create_conn_cancel #85301

Comments

JordanYates commented Feb 6, 2025

Bluetooth: host: missing `NULL` check in `bt_le_create_conn_cancel` #85301

Bluetooth: host: missing `NULL` check in `bt_le_create_conn_cancel` #85301