diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 8d618e4654a54c74b65bbec28fd76fdbcc5cb708..b8c31467a7ac683b7693b236be9b953603b64b07 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -884,11 +884,17 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level) int smp_conn_security(struct hci_conn *hcon, __u8 sec_level) { struct l2cap_conn *conn = hcon->l2cap_data; - struct smp_chan *smp = conn->smp_chan; + struct smp_chan *smp; __u8 authreq; BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level); + /* This may be NULL if there's an unexpected disconnection */ + if (!conn) + return 1; + + smp = conn->smp_chan; + if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags)) return 1;