Bluetooth: Fix potential NULL dereference in SMP channel setup

When the allocation of the L2CAP channel for the BR/EDR security manager fails, then the smp variable might be NULL. In that case do not try to free the non-existing crypto contexts Reported-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com>

Bluetooth: Fix potential NULL dereference in SMP channel setup
When the allocation of the L2CAP channel for the BR/EDR security manager fails, then the smp variable might be NULL. In that case do not try to free the non-existing crypto contexts Reported-by: N Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com>
63511f6d · Marcel Holtmann · Johan Hedberg · 19c5ce9c · 63511f6d
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

net/bluetooth/smp.c net/bluetooth/smp.c +5 -3

未找到文件。
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -3124,9 +3124,11 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
 create_chan:
 	chan = l2cap_chan_create();
 	if (!chan) {
-		crypto_free_blkcipher(smp->tfm_aes);
-		crypto_free_hash(smp->tfm_cmac);
-		kzfree(smp);
+		if (smp) {
+			crypto_free_blkcipher(smp->tfm_aes);
+			crypto_free_hash(smp->tfm_cmac);
+			kzfree(smp);
+		}
 		return ERR_PTR(-ENOMEM);
 	}