diff options
author | Andrei Emeltchenko <andrei.emeltchenko@intel.com> | 2012-07-19 10:03:43 -0400 |
---|---|---|
committer | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2012-08-06 14:19:37 -0400 |
commit | d08fd0e712a834d4abb869c0215a702e290bc51e (patch) | |
tree | 2f5a17eb8c1240b55027d39b9957bd17893abcf0 /net/bluetooth | |
parent | c3e7c0d90b14a3e7ac091d24cef09efb516d587b (diff) |
Bluetooth: smp: Fix possible NULL dereference
smp_chan_create might return NULL so we need to check before
dereferencing smp.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/smp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 16ef0dc85a0a..901a616c8083 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
@@ -579,8 +579,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
579 | 579 | ||
580 | if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) | 580 | if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags)) |
581 | smp = smp_chan_create(conn); | 581 | smp = smp_chan_create(conn); |
582 | else | ||
583 | smp = conn->smp_chan; | ||
582 | 584 | ||
583 | smp = conn->smp_chan; | 585 | if (!smp) |
586 | return SMP_UNSPECIFIED; | ||
584 | 587 | ||
585 | smp->preq[0] = SMP_CMD_PAIRING_REQ; | 588 | smp->preq[0] = SMP_CMD_PAIRING_REQ; |
586 | memcpy(&smp->preq[1], req, sizeof(*req)); | 589 | memcpy(&smp->preq[1], req, sizeof(*req)); |