diff options
author | Fugang Duan <b38611@freescale.com> | 2016-01-19 18:13:42 +0800 |
---|---|---|
committer | Fugang Duan <b38611@freescale.com> | 2016-01-20 17:10:09 +0800 |
commit | dce2d1ebda17c80bdcb8c9a97a5044988c03809a (patch) | |
tree | be1e95c6dee388b34dc4fdff27b1cbbccaf3fa0c /net | |
parent | 823aa893ac283884622296e1a30e37efb0fd2610 (diff) |
MLK-12295 Bluetooth: add hdev check to avoid passing null pointer
Function hci_mgmt_cmd() may pass hdev with null pointer to hci_mgmt_handler->func()
like below code:
err = handler->func(sk, hdev, cp, len);
Add hdev check to avoid passing null pointer.
Signed-off-by: Fugang Duan <B38611@freescale.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/hci_sock.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index e11a5cfda4b1..6a4db9767a3f 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -976,7 +976,7 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, struct hci_dev *hdev = NULL; const struct hci_mgmt_handler *handler; bool var_len, no_hdev; - int err; + int err = 0; BT_DBG("got %zu bytes", msglen); @@ -1060,6 +1060,8 @@ static int hci_mgmt_cmd(struct hci_mgmt_chan *chan, struct sock *sk, if (hdev && chan->hdev_init) chan->hdev_init(sk, hdev); + else if (!hdev) + goto done; cp = buf + sizeof(*hdr); |