diff options
author | Loic Poulain <loic.poulain@intel.com> | 2016-04-04 11:48:13 +0300 |
---|---|---|
committer | Marcel Holtmann <marcel@holtmann.org> | 2016-04-08 19:58:56 +0300 |
commit | 84cb3df02aea4b00405521e67c4c67c2d525c364 (patch) | |
tree | 4802172d6283adade1e8299ed851b4b2af8c14d2 /drivers/bluetooth/hci_uart.h | |
parent | 1dbfc59a931495b2e7bdc4e85886162a0b03235b (diff) | |
download | linux-84cb3df02aea4b00405521e67c4c67c2d525c364.tar.xz |
Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data
HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we
receive data from tty layer during this procedure, proto pointer may
not be assigned yet, leading to null pointer dereference in rx method
hci_uart_tty_receive.
This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in
order to avoid any proto operation before proto opening and assignment.
Signed-off-by: Loic Poulain <loic.poulain@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'drivers/bluetooth/hci_uart.h')
-rw-r--r-- | drivers/bluetooth/hci_uart.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h index 4814ff08f427..839bad1d8152 100644 --- a/drivers/bluetooth/hci_uart.h +++ b/drivers/bluetooth/hci_uart.h @@ -95,6 +95,7 @@ struct hci_uart { /* HCI_UART proto flag bits */ #define HCI_UART_PROTO_SET 0 #define HCI_UART_REGISTERED 1 +#define HCI_UART_PROTO_READY 2 /* TX states */ #define HCI_UART_SENDING 1 |