Bluetooth: Fix potential NULL pointer dereference in SMP
[deliverable/linux.git] / net / bluetooth / smp.c
index 8d618e4654a54c74b65bbec28fd76fdbcc5cb708..b8c31467a7ac683b7693b236be9b953603b64b07 100644 (file)
@@ -884,11 +884,17 @@ bool smp_sufficient_security(struct hci_conn *hcon, u8 sec_level)
 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 {
        struct l2cap_conn *conn = hcon->l2cap_data;
-       struct smp_chan *smp = conn->smp_chan;
+       struct smp_chan *smp;
        __u8 authreq;
 
        BT_DBG("conn %p hcon %p level 0x%2.2x", conn, hcon, sec_level);
 
+       /* This may be NULL if there's an unexpected disconnection */
+       if (!conn)
+               return 1;
+
+       smp = conn->smp_chan;
+
        if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
                return 1;
 
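Review bot: The added `if (!conn) return 1;` guard reuses the return value of the `HCI_LE_ENABLED` check right below it, and nothing in the hunk says what 1 means to callers. If callers read 1 as "the requested security level is already satisfied" (not visible here), a link whose `l2cap_data` has been cleared is reported as adequately secured instead of failed. Once the contract is confirmed, the comment should state it, for example `/* conn is NULL after an unexpected disconnection; 1 = nothing for SMP to do, caller must not treat the link as secured */`, or the guard should return a distinct failure value if callers can handle one. Separately, `hcon->l2cap_data` is read once at the declaration with no lock visible in these lines, so whether `conn` can be torn down between the test and its later uses depends on locking the caller holds. The body of smp_conn_security continues past the end of the hunk.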