git.hungrycats.org Git - linux/commit

author	Loic Poulain <loic.poulain@intel.com>
	Mon, 4 Apr 2016 08:48:13 +0000 (10:48 +0200)
committer	Jiri Slaby <jslaby@suse.cz>
	Wed, 15 Jun 2016 13:51:47 +0000 (15:51 +0200)
commit	b85483c524e3f8dda532b5c13b1fb22a5404554c
tree	a338fcf06a9cef0fec4ea93ee50d308ecf16203d	tree \| snapshot
parent	94e3230bf179f9700e160c0f4a05305cc5299a62	commit \| diff

Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data

commit 84cb3df02aea4b00405521e67c4c67c2d525c364 upstream.

HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we
receive data from tty layer during this procedure, proto pointer may
not be assigned yet, leading to null pointer dereference in rx method
hci_uart_tty_receive.

This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in
order to avoid any proto operation before proto opening and assignment.

Signed-off-by: Loic Poulain <loic.poulain@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

drivers/bluetooth/hci_ldisc.c		diff \| blob \| history
drivers/bluetooth/hci_uart.h		diff \| blob \| history