Commit 7cc8380e authored Jul 19, 2012 by Ram Malovany Committed by Gustavo Padovan Aug 06, 2012

Bluetooth: Fix using a NULL inquiry cache entry



If the device was not found in a list of found devices names of which
are pending.This may happen in a case when HCI Remote Name Request
was sent as a part of incoming connection establishment procedure.
Hence there is no need to continue resolving a next name as it will
be done upon receiving another Remote Name Request Complete Event.
This will fix a kernel crash when trying to use this entry to resolve
the next name.

Cc: stable@vger.kernel.org
Signed-off-by: Ram Malovany <ramm@ti.com>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

parent c810089c

net/bluetooth/hci_event.c

+11 −5

Original line number	Diff line number	Diff line
		@@ -1396,10 +1396,16 @@ static void hci_check_pending_name(struct hci_dev hdev, struct hci_conn conn,
		return;

		e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
		if (e) {
		e->name_state = NAME_KNOWN;
		/* If the device was not found in a list of found devices names of which
		* are pending. there is no need to continue resolving a next name as it
		* will be done upon receiving another Remote Name Request Complete
		* Event */
		if (!e)
		return;

		list_del(&e->list);
		if (name)
		if (name) {
		e->name_state = NAME_KNOWN;
		mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
		e->data.rssi, name, name_len);
		}