Bluetooth: Delay check for conn->smp in smp_conn_security()

Hand-port two fixes from upstream Linux to backports-custom:

commit d8949aad3eab5d396f4fefcd581773bf07b9a79e
Author: Johan Hedberg <johan.hedberg@intel.com>
Date:   Fri Sep 4 12:22:46 2015 +0300

Bluetooth: Delay check for conn->smp in smp_conn_security()

There are several actions that smp_conn_security() might make that do
not require a valid SMP context (conn->smp pointer). One of these
actions is to encrypt the link with an existing LTK. If the SMP
context wasn't initialized properly we should still allow the
independent actions to be done, i.e. the check for the context should
only be done at the last possible moment.

Reported-by: Chuck Ebbert <cebbert.lkml@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.0+

commit 25ba265390c09b0a2b2f3fd9ba82e37248b7a371
Author: Johan Hedberg <johan.hedberg@intel.com>
Date:   Mon Jul 20 20:31:25 2015 +0300

Bluetooth: Fix NULL pointer dereference in smp_conn_security

The l2cap_conn->smp pointer may be NULL for various valid reasons where SMP has
failed to initialize properly. One such scenario is when crypto support is
missing, another when the adapter has been powered on through a legacy method.
The smp_conn_security() function should have the appropriate check for this
situation to avoid NULL pointer dereferences.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.0+

Google-Bug-Id: 27138035
Change-Id: Id46d1ca7c6f2dddb1f5690057e09b7ee33fbdad8
1 file changed
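The ordering issue the two quoted commit messages describe, as an added example that is not code from this commit or from the kernel: a simplified model in which a context check placed before the context-independent actions is compared with one delayed to just before the first dereference. All type, field and function names below are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not a kernel identifier. */
enum action { ALREADY_SECURE, ENCRYPT_WITH_LTK, START_PAIRING, SMP_UNAVAILABLE };
struct smp_ctx { int pairing_started; };
struct conn {
    struct smp_ctx *smp;  /* may be NULL if SMP failed to initialize */
    int sec_level;        /* current link security level */
    int has_ltk;          /* a stored long-term key exists for the peer */
};

/* Actions that never touch c->smp. Returns 1 and sets *out if one applied. */
static int independent_actions(const struct conn *c, int wanted, enum action *out)
{
    if (c->sec_level >= wanted) { *out = ALREADY_SECURE; return 1; }
    if (c->has_ltk)             { *out = ENCRYPT_WITH_LTK; return 1; }
    return 0;
}

/* Context check first: no NULL dereference, but it also refuses work
 * that needs no context, such as encrypting with an existing LTK. */
enum action security_early_check(struct conn *c, int wanted)
{
    enum action a;
    if (!c->smp) return SMP_UNAVAILABLE;
    if (independent_actions(c, wanted, &a))
        return a;
    c->smp->pairing_started = 1;
    return START_PAIRING;
}

/* Context check delayed to the last moment before c->smp is dereferenced. */
enum action security_delayed_check(struct conn *c, int wanted)
{
    enum action a;
    if (independent_actions(c, wanted, &a))
        return a;
    if (!c->smp) return SMP_UNAVAILABLE;
    c->smp->pairing_started = 1;
    return START_PAIRING;
}

int main(void)
{
    struct conn c = { NULL, 0, 1 };  /* constructed: no SMP context, LTK stored */
    printf("early=%d delayed=%d\n", security_early_check(&c, 2), security_delayed_check(&c, 2));
    return 0;
}
```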