Commit b40f1ae3 authored Mar 08, 2020 by Qiujun Huang Committed by Greg Kroah-Hartman Apr 13, 2020

Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl



commit 71811cac8532b2387b3414f7cd8fe9e497482864 upstream.

Needn't call 'rfcomm_dlc_put' here, because 'rfcomm_dlc_exists' didn't
increase dlc->refcnt.

Reported-by:  <syzbot+4496e82090657320efc6@syzkaller.appspotmail.com>
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 7f5432c2

net/bluetooth/rfcomm/tty.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -413,10 +413,8 @@ static int __rfcomm_create_dev(struct sock sk, void __user arg)
		dlc = rfcomm_dlc_exists(&req.src, &req.dst, req.channel);
		if (IS_ERR(dlc))
		return PTR_ERR(dlc);
		else if (dlc) {
		rfcomm_dlc_put(dlc);
		if (dlc)
		return -EBUSY;
		}
		dlc = rfcomm_dlc_alloc(GFP_KERNEL);
		if (!dlc)
		return -ENOMEM;