diff options
author | Johan Hedberg <johan.hedberg@intel.com> | 2014-09-06 06:59:10 +0300 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2014-09-08 19:07:57 +0200 |
commit | c68b7f127d5f517c214e8bcf231d0188f6776d2a (patch) | |
tree | 586ab7b881e121d59a68340225e6e7f70dc5e07a /net/bluetooth | |
parent | 9f06a8d623b2c3aea09292b844e329fbfb401231 (diff) | |
download | op-kernel-dev-c68b7f127d5f517c214e8bcf231d0188f6776d2a.zip op-kernel-dev-c68b7f127d5f517c214e8bcf231d0188f6776d2a.tar.gz |
Bluetooth: Fix dereferencing conn variable before NULL check
This patch fixes the following type of static analyzer warning (and
probably a real bug as well as the NULL check should be there for a
reason):
net/bluetooth/smp.c:1182 smp_conn_security() warn: variable dereferenced before check 'conn' (see line 1174)
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/smp.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 1201670..560f78a 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -1210,7 +1210,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) { struct l2cap_conn *conn = hcon->l2cap_data; - struct l2cap_chan *chan = conn->smp; + struct l2cap_chan *chan; struct smp_chan *smp; __u8 authreq; int ret; @@ -1221,6 +1221,8 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) if (!conn) return 1; + chan = conn->smp; + if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) return 1; |