MLK-12295 Bluetooth: add hdev check to avoid passing null pointer

Function hci_mgmt_cmd() may pass hdev with null pointer to hci_mgmt_handler->func() like below code: err = handler->func(sk, hdev, cp, len); Add hdev check to avoid passing null pointer. Signed-off-by: Fugang Duan <B38611@freescale.com>
author: Fugang Duan <b38611@freescale.com> 2016-01-19 18:13:42 +0800
committer: Fugang Duan <b38611@freescale.com> 2016-01-20 17:10:09 +0800
commit: dce2d1ebda17c80bdcb8c9a97a5044988c03809a (patch)
tree: be1e95c6dee388b34dc4fdff27b1cbbccaf3fa0c /net
parent: 823aa893ac283884622296e1a30e37efb0fd2610 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index e11a5cfda4b1..6a4db9767a3f 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -976,7 +976,7 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
 	struct hci_dev *hdev = NULL;
 	const struct hci_mgmt_handler *handler;
 	bool var_len, no_hdev;
-	int err;
+	int err = 0;
 
 	BT_DBG("got %zu bytes", msglen);
 
@@ -1060,6 +1060,8 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk,
 
 	if (hdev && chan->hdev_init)
 		chan->hdev_init(sk, hdev);
+	else if (!hdev)
+		goto done;
 
 	cp = buf + sizeof(*hdr);
author	Fugang Duan <b38611@freescale.com>	2016-01-19 18:13:42 +0800
committer	Fugang Duan <b38611@freescale.com>	2016-01-20 17:10:09 +0800
commit	dce2d1ebda17c80bdcb8c9a97a5044988c03809a (patch)
tree	be1e95c6dee388b34dc4fdff27b1cbbccaf3fa0c /net
parent	823aa893ac283884622296e1a30e37efb0fd2610 (diff)