This is an automated email from the ASF dual-hosted git repository. janc pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
commit 10c2ae801809c08d6b0677c06712d7aad9b03ec0 Author: Szymon Janc <[email protected]> AuthorDate: Tue Mar 12 14:19:48 2024 +0100 nimble/eatt: Fix NULL deref in ble_eatt_alloc If ble_eatt_conn_pool was empty we would end up in writing NULL address. --- nimble/host/src/ble_eatt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/nimble/host/src/ble_eatt.c b/nimble/host/src/ble_eatt.c
index de1c0d715..f9f7d924f 100644
--- a/nimble/host/src/ble_eatt.c
+++ b/nimble/host/src/ble_eatt.c
@@ -177,10 +177,13 @@ ble_eatt_alloc(void)
 struct ble_eatt *eatt;

 eatt = os_memblock_get(&ble_eatt_conn_pool);
- if (eatt) {
- SLIST_INSERT_HEAD(&g_ble_eatt_list, eatt, next);
+ if (!eatt) {
+ BLE_EATT_LOG_WARN("eatt: Failed to allocate new eatt context\n");
+ return NULL;
 }

+ SLIST_INSERT_HEAD(&g_ble_eatt_list, eatt, next);
+
 eatt->conn_handle = BLE_HS_CONN_HANDLE_NONE;
 eatt->chan = NULL;
 eatt->client_op = 0;
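Review bot: The added `return NULL;` makes NULL an ordinary result of ble_eatt_alloc() when ble_eatt_conn_pool is exhausted, so every caller now has to check the result before touching the context; the call sites are outside this hunk and should be confirmed, because the old path wrote through the NULL pointer instead of reporting failure. The contract is worth stating above the function, e.g. `/* Returns NULL when ble_eatt_conn_pool is exhausted; callers must check. */`. Separately, `SLIST_INSERT_HEAD(&g_ble_eatt_list, eatt, next);` still links the block into the global list before `conn_handle`, `chan` and `client_op` are assigned; if anything can walk g_ble_eatt_list in between (not visible here), moving the insert below the field initialisation would avoid exposing a half-initialised entry. The function body starts and ends outside the hunk.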
