From: Johan Hedberg <johan.hedberg@intel.com>
Date: Mon, 16 Jun 2014 16:25:14 +0000 (+0300)
Subject: Bluetooth: Fix missing NULL check for smp_chan_create() return value
X-Git-Tag: v3.17-rc1~106^2~73^2~87^2~193
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=c29d2444170a4e0709331e357a2738a02666a633;p=~emulex%2Finfiniband.git

Bluetooth: Fix missing NULL check for smp_chan_create() return value

The smp_chan_create function may return NULL, e.g. in the case of memory
allocation failure, so we always need to check for this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index e33a982161c..1f4ed1e78e1 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -888,6 +888,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 		return 0;
 
 	smp = smp_chan_create(conn);
+	if (!smp)
+		return SMP_UNSPECIFIED;
 
 	skb_pull(skb, sizeof(*rp));