Hi Johan,

* Johan Hedberg <johan.hedberg@xxxxxxxxx> [2013-01-29 10:44:23 -0600]:

> From: Johan Hedberg <johan.hedberg@xxxxxxxxx>
>
> The conn->smp_chan pointer can be NULL if SMP PDUs arrive at unexpected
> moments. To avoid NULL pointer dereferences the code should be checking
> for this and disconnect if an unexpected SMP PDU arrives. This patch
> fixes the issue by adding a check for conn->smp_chan for all other PDUs
> except pairing request and security request (which are the first
> PDUs to come to initialize the SMP context).
>
> Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> CC: stable@xxxxxxxxxxxxxxx
> ---
> v2: Move the checks to a single place in smp_sig_channel() and instead
> of ignoring the PDUs return failure from smp_sig_channel() to trigger a
> disconnection.
>
>  net/bluetooth/smp.c | 13 +++++++++++++
>  1 file changed, 13 insertions(+)

Patch has been applied to bluetooth.git. Thanks.

	Gustavo
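
The check described in the commit message above, modelled in userspace C as an added example that is not part of the original thread and is not the kernel's smp.c. The struct layouts, the helper names `opens_context`, `smp_dispatch` and `conn_rx`, and the `-EINVAL` return value are assumptions; the opcode values are those of the Bluetooth Core Specification.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* SMP opcodes (Bluetooth Core Specification). */
#define SMP_CMD_PAIRING_REQ     0x01
#define SMP_CMD_PAIRING_CONFIRM 0x03
#define SMP_CMD_SECURITY_REQ    0x0b
/* Hypothetical stand-ins for the kernel structures (userspace model only). */
struct smp_chan { int pdus_handled; };
struct conn { struct smp_chan *smp_chan; struct smp_chan storage; int disconnected; };

/* Only these two PDUs may arrive with no context: they create it. */
static int opens_context(uint8_t code)
{
    return code == SMP_CMD_PAIRING_REQ || code == SMP_CMD_SECURITY_REQ;
}

/* Returns 0, or a negative errno (assumed value) telling the caller to disconnect. */
int smp_dispatch(struct conn *c, const uint8_t *pdu, size_t len)
{
    if (len < 1)
        return -EINVAL;                 /* no opcode byte at all */
    if (!opens_context(pdu[0]) && c->smp_chan == NULL)
        return -EINVAL;                 /* unexpected PDU: fail before any dereference */
    if (c->smp_chan == NULL) {          /* pairing/security request sets up the context */
        c->storage.pdus_handled = 0;
        c->smp_chan = &c->storage;
    }
    c->smp_chan->pdus_handled++;        /* non-NULL is guaranteed from here on */
    return 0;
}

/* Caller side: a failed dispatch tears the connection down and drops the context. */
int conn_rx(struct conn *c, const uint8_t *pdu, size_t len)
{
    int err = smp_dispatch(c, pdu, len);
    if (err) { c->disconnected = 1; c->smp_chan = NULL; }
    return err;
}

int main(void)
{
    const uint8_t confirm[] = { SMP_CMD_PAIRING_CONFIRM, 0x00 }; /* constructed PDU */
    struct conn c = { 0 };
    int err = conn_rx(&c, confirm, sizeof confirm);
    printf("rx -> %d, disconnected=%d\n", err, c.disconnected);
    return 0;
}
```

Keeping the guard in the single dispatch function, as the v2 note describes, means every handler reached after it can rely on the context pointer being set.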