diff options
author | Dean Jenkins <Dean_Jenkins@mentor.com> | 2013-02-28 15:21:55 +0100 |
---|---|---|
committer | Gustavo Padovan <gustavo.padovan@collabora.co.uk> | 2013-03-08 14:40:24 +0100 |
commit | 8ff52f7d04d9cc31f1e81dcf9a2ba6335ed34905 (patch) | |
tree | 681a2468209aff5c83cd7c3bafe1eb6c38123c63 /ipc/syscall.c | |
parent | Bluetooth: Check rfcomm session and DLC exists on socket close (diff) | |
download | linux-8ff52f7d04d9cc31f1e81dcf9a2ba6335ed34905.tar.xz linux-8ff52f7d04d9cc31f1e81dcf9a2ba6335ed34905.zip |
Bluetooth: Return RFCOMM session ptrs to avoid freed session
Unfortunately, the design retains local copies of the s RFCOMM
session pointer in various code blocks and this invites the erroneous
access to a freed RFCOMM session structure.
Therefore, return the RFCOMM session pointer back up the call stack
to avoid accessing a freed RFCOMM session structure. When the RFCOMM
session is deleted, NULL is passed up the call stack.
If active DLCs exist when the rfcomm session is terminating,
avoid a memory leak of rfcomm_dlc structures by ensuring that
rfcomm_session_close() is used instead of rfcomm_session_del().
Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Diffstat (limited to 'ipc/syscall.c')
0 files changed, 0 insertions, 0 deletions