Commit 9ca69b70 authored by David S. Miller's avatar David S. Miller

Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth

Johan Hedberg says:

====================
pull request: bluetooth 2016-02-20

Here's an important patch for 4.5 which fixes potential invalid pointer
access when processing completed Bluetooth HCI commands.

Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents b5a099c6 3bd7594e
...@@ -4112,8 +4112,10 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status, ...@@ -4112,8 +4112,10 @@ void hci_req_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 status,
break; break;
} }
*req_complete = bt_cb(skb)->hci.req_complete; if (bt_cb(skb)->hci.req_flags & HCI_REQ_SKB)
*req_complete_skb = bt_cb(skb)->hci.req_complete_skb; *req_complete_skb = bt_cb(skb)->hci.req_complete_skb;
else
*req_complete = bt_cb(skb)->hci.req_complete;
kfree_skb(skb); kfree_skb(skb);
} }
spin_unlock_irqrestore(&hdev->cmd_q.lock, flags); spin_unlock_irqrestore(&hdev->cmd_q.lock, flags);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment