From: Johan Hedberg <johan.hedberg@xxxxxxxxx> The smp_chan_create function may return NULL, e.g. in the case of memory allocation failure, so we always need to check for this. Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx> --- net/bluetooth/smp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index f2829a7932e2..e779e5298ebf 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -856,6 +856,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) return 0; smp = smp_chan_create(conn); + if (!smp) + return SMP_UNSPECIFIED; skb_pull(skb, sizeof(*rp)); -- 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
