diff options
author | Marcel Holtmann <marcel@holtmann.org> | 2015-03-17 19:38:24 +0100 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2015-03-18 07:30:03 +0100 |
commit | 63511f6d5ba0c20850448991be297751ddb6798c (patch) | |
tree | dbc670d6296219f8fa8882b287ca0967944f2fc5 /net/bluetooth/smp.c | |
parent | Bluetooth: Add workaround for broken OS X legacy SMP pairing (diff) | |
download | linux-63511f6d5ba0c20850448991be297751ddb6798c.tar.xz linux-63511f6d5ba0c20850448991be297751ddb6798c.zip |
Bluetooth: Fix potential NULL dereference in SMP channel setup
When the allocation of the L2CAP channel for the BR/EDR security manager
fails, then the smp variable might be NULL. In that case do not try to
free the non-existing crypto contexts
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Diffstat (limited to 'net/bluetooth/smp.c')
-rw-r--r-- | net/bluetooth/smp.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 6a5afb972358..1ec3f66b5a74 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -3124,9 +3124,11 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) create_chan: chan = l2cap_chan_create(); if (!chan) { - crypto_free_blkcipher(smp->tfm_aes); - crypto_free_hash(smp->tfm_cmac); - kzfree(smp); + if (smp) { + crypto_free_blkcipher(smp->tfm_aes); + crypto_free_hash(smp->tfm_cmac); + kzfree(smp); + } return ERR_PTR(-ENOMEM); } |