mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-01 02:33:57 +00:00
Bluetooth: Fix possible NULL pointer dereference
Checking conn->pending_sec_level if there is no connection leads to potential null pointer dereference. Don't process pin_code_request_event at all if no connection exists. Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@gmail.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
This commit is contained in:
parent
67c9e840a0
commit
b6f98044a6
@ -2174,7 +2174,10 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
|
||||
hci_dev_lock(hdev);
|
||||
|
||||
conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
|
||||
if (conn && conn->state == BT_CONNECTED) {
|
||||
if (!conn)
|
||||
goto unlock;
|
||||
|
||||
if (conn->state == BT_CONNECTED) {
|
||||
hci_conn_hold(conn);
|
||||
conn->disc_timeout = HCI_PAIRING_TIMEOUT;
|
||||
hci_conn_put(conn);
|
||||
@ -2194,6 +2197,7 @@ static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff
|
||||
mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
|
||||
}
|
||||
|
||||
unlock:
|
||||
hci_dev_unlock(hdev);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user