Skip to content

Commit

Permalink
Bluetooth: smp: Fix possible NULL dereference
Browse files Browse the repository at this point in the history 
smp_chan_create might return NULL so we need to check before
dereferencing smp.

Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
  • Loading branch information
Andrei Emeltchenko authored and Gustavo Padovan committed Aug 6, 2012
1 parent c3e7c0d commit d08fd0e
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion net/bluetooth/smp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -579,8 +579,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)

if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))
smp = smp_chan_create(conn);
else
smp = conn->smp_chan;

smp = conn->smp_chan;
if (!smp)
return SMP_UNSPECIFIED;

smp->preq[0] = SMP_CMD_PAIRING_REQ;
memcpy(&smp->preq[1], req, sizeof(*req));
Expand Down

0 comments on commit d08fd0e

Please sign in to comment.