diff options
author | Loic Poulain <loic.poulain@intel.com> | 2016-04-04 10:48:13 +0200 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2016-04-08 18:58:56 +0200 |
commit | 84cb3df02aea4b00405521e67c4c67c2d525c364 (patch) | |
tree | 4802172d6283adade1e8299ed851b4b2af8c14d2 /drivers/bluetooth/hci_uart.h | |
parent | Bluetooth: hci_bcm: Add BCM2E71 ACPI ID (diff) | |
download | linux-84cb3df02aea4b00405521e67c4c67c2d525c364.tar.xz linux-84cb3df02aea4b00405521e67c4c67c2d525c364.zip |
Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data
HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we
receive data from tty layer during this procedure, proto pointer may
not be assigned yet, leading to null pointer dereference in rx method
hci_uart_tty_receive.
This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in
order to avoid any proto operation before proto opening and assignment.
Signed-off-by: Loic Poulain <loic.poulain@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'drivers/bluetooth/hci_uart.h')
-rw-r--r-- | drivers/bluetooth/hci_uart.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h index 4814ff08f427..839bad1d8152 100644 --- a/drivers/bluetooth/hci_uart.h +++ b/drivers/bluetooth/hci_uart.h @@ -95,6 +95,7 @@ struct hci_uart { /* HCI_UART proto flag bits */ #define HCI_UART_PROTO_SET 0 #define HCI_UART_REGISTERED 1 +#define HCI_UART_PROTO_READY 2 /* TX states */ #define HCI_UART_SENDING 1 |