Bluetooth: hci_ldisc: Fix null pointer derefence in case of early data HCI_UART_PROTO_SET flag is set before hci_uart_set_proto call. If we receive data from tty layer during this procedure, proto pointer may not be assigned yet, leading to null pointer dereference in rx method hci_uart_tty_receive. This patch fixes this issue by introducing HCI_UART_PROTO_READY flag in order to avoid any proto operation before proto opening and assignment. Signed-off-by: Loic Poulain <loic.poulain@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

commit: 84cb3df02aea4b00405521e67c4c67c2d525c364 [log] [tgz]
author: Loic Poulain <loic.poulain@intel.com> Mon Apr 04 10:48:13 2016 +0200
committer: Marcel Holtmann <marcel@holtmann.org> Fri Apr 08 18:58:56 2016 +0200
tree: 4802172d6283adade1e8299ed851b4b2af8c14d2
parent: 1dbfc59a931495b2e7bdc4e85886162a0b03235b [diff] [blame]
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h
index 4814ff0..839bad1 100644
--- a/drivers/bluetooth/hci_uart.h
+++ b/drivers/bluetooth/hci_uart.h

@@ -95,6 +95,7 @@
 /* HCI_UART proto flag bits */
 #define HCI_UART_PROTO_SET	0
 #define HCI_UART_REGISTERED	1
+#define HCI_UART_PROTO_READY	2
 
 /* TX states  */
 #define HCI_UART_SENDING	1
commit	84cb3df02aea4b00405521e67c4c67c2d525c364	[log] [tgz]
author	Loic Poulain <loic.poulain@intel.com>	Mon Apr 04 10:48:13 2016 +0200
committer	Marcel Holtmann <marcel@holtmann.org>	Fri Apr 08 18:58:56 2016 +0200
tree	4802172d6283adade1e8299ed851b4b2af8c14d2
parent	1dbfc59a931495b2e7bdc4e85886162a0b03235b [diff] [blame]