Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Johan Hedberg says: ==================== pull request: bluetooth 2015-07-23 Here's another one-patch pull request for 4.2 which targets a potential NULL pointer dereference in the LE Security Manager code that can be triggered by using older user space tools. The issue has been there since 4.0 so there's the appropriate "Cc: stable" in place. Let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2015-07-26 21:53:08 -0700
committer: David S. Miller <davem@davemloft.net> 2015-07-26 21:53:08 -0700
commit: 03de104f7b62b4cebd8a3d33cef82d48ff28144c (patch)
tree: 75c076d342fa2d17058c4033d44ef9565700fd84 /net
parent: 32cba57ba74be58589aeb4cb6496183e46a5e3e5 (diff)
parent: 25ba265390c09b0a2b2f3fd9ba82e37248b7a371 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 3d0f7d2a0616..ad82324f710f 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2312,6 +2312,10 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 		return 1;
 
 	chan = conn->smp;
+	if (!chan) {
+		BT_ERR("SMP security requested but not available");
+		return 1;
+	}
 
 	if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
 		return 1;
author	David S. Miller <davem@davemloft.net>	2015-07-26 21:53:08 -0700
committer	David S. Miller <davem@davemloft.net>	2015-07-26 21:53:08 -0700
commit	03de104f7b62b4cebd8a3d33cef82d48ff28144c (patch)
tree	75c076d342fa2d17058c4033d44ef9565700fd84 /net
parent	32cba57ba74be58589aeb4cb6496183e46a5e3e5 (diff)
parent	25ba265390c09b0a2b2f3fd9ba82e37248b7a371 (diff)