Bluetooth: Fix crash when monitor timeout expires
authorGustavo F. Padovan <padovan@profusion.mobi>
Sat, 1 May 2010 19:15:41 +0000 (16:15 -0300)
committerMarcel Holtmann <marcel@holtmann.org>
Mon, 10 May 2010 07:28:50 +0000 (09:28 +0200)
The code was crashing due to a invalid access to hci_conn after the
channel disconnect.

Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
Reviewed-by: João Paulo Rechi Vita <jprvita@profusion.mobi>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/l2cap.c

index 4c7b2d22faa5a536bf556ef3ae1ae7e780cf2809..2f9bbad428872700f1f33843c121ab9bab677fe6 100644 (file)
@@ -1568,6 +1568,9 @@ static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *m
 
        BT_DBG("sk %p len %d", sk, (int)len);
 
+       if (!conn)
+               return ERR_PTR(-ENOTCONN);
+
        if (sdulen)
                hlen += 2;