Bluetooth: hci_event: Make sure ISO events don't affect non-ISO connections

ISO events (CIS/BIS) shall only be relevant for connection with link
type of ISO_LINK, otherwise the controller is probably buggy or it is
the result of fuzzer tools such as syzkaller.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index ed3e5b2..faca701 100644 (file)
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6791,6 +6791,13 @@ static void hci_le_cis_estabilished_evt(struct hci_dev *hdev, void *data,
                goto unlock;
        }
 
+       if (conn->type != ISO_LINK) {
+               bt_dev_err(hdev,
+                          "Invalid connection link type handle 0x%4.4x",
+                          handle);
+               goto unlock;
+       }
+
        if (conn->role == HCI_ROLE_SLAVE) {
                __le32 interval;
 
@@ -6911,6 +6918,13 @@ static void hci_le_create_big_complete_evt(struct hci_dev *hdev, void *data,
        if (!conn)
                goto unlock;
 
+       if (conn->type != ISO_LINK) {
+               bt_dev_err(hdev,
+                          "Invalid connection link type handle 0x%2.2x",
+                          ev->handle);
+               goto unlock;
+       }
+
        if (ev->num_bis)
                conn->handle = __le16_to_cpu(ev->bis_handle[0]);