From: Johan Hedberg Date: Mon, 16 Jun 2014 16:25:14 +0000 (+0300) Subject: Bluetooth: Fix missing NULL check for smp_chan_create() return value X-Git-Tag: firefly_0821_release~176^2~3474^2~12^2~41^2~269 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c29d2444170a4e0709331e357a2738a02666a633;p=firefly-linux-kernel-4.4.55.git Bluetooth: Fix missing NULL check for smp_chan_create() return value The smp_chan_create function may return NULL, e.g. in the case of memory allocation failure, so we always need to check for this. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann --- diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index e33a982161c1..1f4ed1e78e10 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -888,6 +888,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) return 0; smp = smp_chan_create(conn); + if (!smp) + return SMP_UNSPECIFIED; skb_pull(skb, sizeof(*rp));
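Review bot: the new `if (!smp)` check in smp_cmd_security_req() covers only this one call to smp_chan_create(), while the commit message says the return value always needs checking. Please state in the message whether the other callers of smp_chan_create() already handle NULL, or add the same check to them in this patch. A short comment at the definition of smp_chan_create() noting that it can return NULL on memory allocation failure would help future callers. The placement is right: the check sits directly after the assignment and before `skb_pull(skb, sizeof(*rp));`, so the failure path returns SMP_UNSPECIFIED before the skb is modified.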