From c29d2444170a4e0709331e357a2738a02666a633 Mon Sep 17 00:00:00 2001
From: Johan Hedberg <johan.hedberg@intel.com>
Date: Mon, 16 Jun 2014 19:25:14 +0300
Subject: [PATCH] Bluetooth: Fix missing NULL check for smp_chan_create()
 return value

The smp_chan_create function may return NULL, e.g. in the case of memory
allocation failure, so we always need to check for this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
---
 net/bluetooth/smp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index e33a982161c1..1f4ed1e78e10 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -888,6 +888,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 		return 0;
 
 	smp = smp_chan_create(conn);
+	if (!smp)
+		return SMP_UNSPECIFIED;
 
 	skb_pull(skb, sizeof(*rp));
 
-- 
2.34.1