aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorRam Malovany <ramm@ti.com>2012-07-19 03:26:10 -0400
committerGustavo Padovan <gustavo.padovan@collabora.co.uk>2012-08-06 14:19:36 -0400
commit7cc8380eb10347016d95bf6f9d842c2ae6d12932 (patch)
tree26e46322ed9e86972c87b003b514afc1550d44c6 /net/bluetooth
parentc810089c27e48b816181b454fcc493d19fdbc2ba (diff)
Bluetooth: Fix using a NULL inquiry cache entry
If the device was not found in a list of found devices names of which are pending.This may happen in a case when HCI Remote Name Request was sent as a part of incoming connection establishment procedure. Hence there is no need to continue resolving a next name as it will be done upon receiving another Remote Name Request Complete Event. This will fix a kernel crash when trying to use this entry to resolve the next name. Cc: stable@vger.kernel.org Signed-off-by: Ram Malovany <ramm@ti.com> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_event.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index b64cfa213bd6..fe9a3d6d30b0 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1396,12 +1396,18 @@ static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1396 return; 1396 return;
1397 1397
1398 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING); 1398 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1399 if (e) { 1399 /* If the device was not found in a list of found devices names of which
1400 * are pending. there is no need to continue resolving a next name as it
1401 * will be done upon receiving another Remote Name Request Complete
1402 * Event */
1403 if (!e)
1404 return;
1405
1406 list_del(&e->list);
1407 if (name) {
1400 e->name_state = NAME_KNOWN; 1408 e->name_state = NAME_KNOWN;
1401 list_del(&e->list); 1409 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1402 if (name) 1410 e->data.rssi, name, name_len);
1403 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1404 e->data.rssi, name, name_len);
1405 } 1411 }
1406 1412
1407 if (hci_resolve_next_name(hdev)) 1413 if (hci_resolve_next_name(hdev))