From 6231b4343524984a6836954b22c03aeb1d9d12c8 Mon Sep 17 00:00:00 2001
From: Lyle Zhu <lyle.zhu@nxp.com>
Date: Fri, 6 Jun 2025 10:11:11 +0800
Subject: [PATCH] Bluetooth: Classic: SDP: Fix buf leak issue

In the function `sdp_client_ss_search()` and
`sdp_client_ssa_search()`, the allocated buf is not released if the
required UUID is invalid.

Un-reference the allocated net buffer if the UUID is invalid.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
---
 subsys/bluetooth/host/classic/sdp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/subsys/bluetooth/host/classic/sdp.c b/subsys/bluetooth/host/classic/sdp.c
index 0978a1714d7..8e8255c35d2 100644
--- a/subsys/bluetooth/host/classic/sdp.c
+++ b/subsys/bluetooth/host/classic/sdp.c
@@ -1515,6 +1515,7 @@ static int sdp_client_ss_search(struct bt_sdp_client *session,
 		break;
 	default:
 		LOG_ERR("Unknown UUID type %u", param->uuid->type);
+		net_buf_unref(buf);
 		return -EINVAL;
 	}
 
@@ -1620,6 +1621,7 @@ static int sdp_client_ssa_search(struct bt_sdp_client *session,
 		break;
 	default:
 		LOG_ERR("Unknown UUID type %u", param->uuid->type);
+		net_buf_unref(buf);
 		return -EINVAL;
 	}