Hi Johan,

> The conn->smp_chan pointer can be NULL if SMP PDUs arrive at unexpected
> moments. To avoid NULL pointer dereferences the code should be checking
> for this and disconnect if an unexpected SMP PDU arrives. This patch
> fixes the issue by adding a check for conn->smp_chan for all other PDUs
> except pairing request and security request (which are the first
> PDUs to come to initialize the SMP context).
>
> Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> CC: stable@xxxxxxxxxxxxxxx
> ---
> v2: Move the checks to a single place in smp_sig_channel() and instead
> of ignoring the PDUs return failure from smp_sig_channel() to trigger a
> disconnection.
>
> net/bluetooth/smp.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)

this looks way better.

Acked-by: Marcel Holtmann <marcel@xxxxxxxxxxxx>

Regards

Marcel
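The guard the v2 patch describes, modelled as an added stand-alone example (not the kernel's net/bluetooth/smp.c and not part of this thread): a single check in the dispatcher lets only Pairing Request and Security Request through while conn->smp_chan is still NULL, and any other PDU makes the dispatcher return failure so the caller tears the connection down. The structs and the smp_sig_channel_model()/run_pdus() helpers are constructed stand-ins; the opcode values are the SMP opcodes from the Bluetooth Core specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SMP opcodes as defined by the Bluetooth Core spec (Security Manager Protocol). */
#define SMP_CMD_PAIRING_REQ     0x01
#define SMP_CMD_PAIRING_RSP     0x02
#define SMP_CMD_PAIRING_CONFIRM 0x03
#define SMP_CMD_SECURITY_REQ    0x0b

struct smp_chan { int state; };                  /* stand-in for the per-connection SMP context */
struct l2cap_conn { struct smp_chan *smp_chan; }; /* stand-in for the L2CAP connection */

/* Model of the fix: 0 means "process this PDU", -1 means "unexpected PDU,
 * fail and let the caller disconnect". Only the two PDUs that create the
 * SMP context may arrive while conn->smp_chan is still NULL. */
static int smp_sig_channel_model(const struct l2cap_conn *conn, uint8_t code)
{
	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
	    conn->smp_chan == NULL)
		return -1; /* would otherwise dereference a NULL smp_chan below */
	/* ... the real dispatcher switches on `code` and uses conn->smp_chan here ... */
	return 0;
}

/* Feed a constructed PDU sequence through the model. Returns how many PDUs
 * were accepted; *disconnected tells whether the guard fired. */
static size_t run_pdus(const uint8_t *codes, size_t n, bool *disconnected)
{
	struct smp_chan ctx = { .state = 0 };
	struct l2cap_conn conn = { .smp_chan = NULL };
	*disconnected = false;
	for (size_t i = 0; i < n; i++) {
		if (smp_sig_channel_model(&conn, codes[i]) < 0) {
			*disconnected = true;
			return i;
		}
		if (codes[i] == SMP_CMD_PAIRING_REQ || codes[i] == SMP_CMD_SECURITY_REQ)
			conn.smp_chan = &ctx; /* these PDUs initialise the context */
	}
	return n;
}

/* Pairing Confirm before any context exists: must be rejected, not dereferenced. */
static bool confirm_before_request_disconnects(void)
{
	static const uint8_t seq[] = { SMP_CMD_PAIRING_CONFIRM };
	bool disc;
	return run_pdus(seq, 1, &disc) == 0 && disc;
}

/* Normal ordering: request creates the context, later PDUs are accepted. */
static bool normal_pairing_accepted(void)
{
	static const uint8_t seq[] = { SMP_CMD_PAIRING_REQ, SMP_CMD_PAIRING_RSP, SMP_CMD_PAIRING_CONFIRM };
	bool disc;
	return run_pdus(seq, 3, &disc) == 3 && !disc;
}

int main(void)
{
	printf("confirm without context disconnects: %s\n", confirm_before_request_disconnects() ? "yes" : "no");
	printf("ordinary pairing accepted:           %s\n", normal_pairing_accepted() ? "yes" : "no");
	return 0;
}
```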