zygo: net/bluetooth: avoid NULL pointer dereference, try 3: fix it, don't just compla...

author Zygo Blaxell <zblaxell@satsuki.furryterror.org>

Tue, 8 May 2012 01:00:10 +0000 (21:00 -0400)

committer Zygo Blaxell <zblaxell@faye.furryterror.org>

Mon, 14 May 2012 14:49:34 +0000 (10:49 -0400)
author Zygo Blaxell <zblaxell@satsuki.furryterror.org>
Tue, 8 May 2012 01:00:10 +0000 (21:00 -0400)
committer Zygo Blaxell <zblaxell@faye.furryterror.org>
Mon, 14 May 2012 14:49:34 +0000 (10:49 -0400)
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c

index e7e3d884b3f4791b0011e2a45b36771ef369713c..458a6f7e38b87d0de1887804a2616698de1d0336 100644 (file)
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -376,9 +376,13 @@ static void __sco_sock_close(struct sock *sk)
                         sk->sk_state = BT_DISCONN;
                         sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
                         BT_DBG("BT_CONNECTED -> BT_DISCONN sco_pi(sk) %p", sco_pi(sk));
-                       BT_DBG("BT_DISCONN sco_pi(sk)->conn %p", sco_pi(sk)->conn);
-                       BT_DBG("BT_DISCONN sco_pi(sk)->conn->hcon %p", sco_pi(sk)->conn->hcon);
+                       if (!sco_pi(sk)) break;
+                       BT_DBG("BT_CONNECTED -> BT_DISCONN sco_pi(sk)->conn %p", sco_pi(sk)->conn);
+                       if (!sco_pi(sk)->conn) break;
+                       BT_DBG("BT_CONNECTED -> BT_DISCONN sco_pi(sk)->conn->hcon %p", sco_pi(sk)->conn->hcon);
+                       if (!sco_pi(sk)->conn->hcon) break;
                         hci_conn_put(sco_pi(sk)->conn->hcon);
+                       BT_DBG("BT_CONNECTED -> BT_DISCONN sco_pi(sk)->conn->hcon = NULL");
                         sco_pi(sk)->conn->hcon = NULL;
                 } else
                         sco_chan_del(sk, ECONNRESET);
author	Zygo Blaxell <zblaxell@satsuki.furryterror.org>
	Tue, 8 May 2012 01:00:10 +0000 (21:00 -0400)
committer	Zygo Blaxell <zblaxell@faye.furryterror.org>
	Mon, 14 May 2012 14:49:34 +0000 (10:49 -0400)