Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d08fd0e7 authored by Andrei Emeltchenko's avatar Andrei Emeltchenko Committed by Gustavo Padovan
Browse files

Bluetooth: smp: Fix possible NULL dereference 



smp_chan_create might return NULL so we need to check before
dereferencing smp.

Signed-off-by: default avatarAndrei Emeltchenko <andrei.emeltchenko@intel.com>
Signed-off-by: default avatarGustavo Padovan <gustavo.padovan@collabora.co.uk>
parent c3e7c0d9

net/bluetooth/smp.c

+4 −1
Original line number Diff line number Diff line
@@ -579,9 +579,12 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 


	if (!test_and_set_bit(HCI_CONN_LE_SMP_PEND, &conn->hcon->flags))

		smp = smp_chan_create(conn);



	else

		smp = conn->smp_chan;



	if (!smp)

		return SMP_UNSPECIFIED;



	smp->preq[0] = SMP_CMD_PAIRING_REQ;

	memcpy(&smp->preq[1], req, sizeof(*req));

	skb_pull(skb, sizeof(*req));