From a80ab8bcf68e702f15629f7a63b0cfa978a81afd Mon Sep 17 00:00:00 2001
From: Joakim Andersson
Date: Wed, 7 Aug 2019 13:55:17 +0200
Subject: [PATCH] Bluetooth: SMP: Fix kernel crash if auth handler is NULL

Fix kernel crash if bluetooth authentication handlers has not been registered. The bt_auth object is then NULL, this dereference caused a call to an invalid function pointer.

Signed-off-by: Joakim Andersson
---
 subsys/bluetooth/host/smp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c
index 93f26654f809d4..617866b2310f73 100644
--- a/subsys/bluetooth/host/smp.c
+++ b/subsys/bluetooth/host/smp.c
@@ -3118,7 +3118,7 @@ static u8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
 return BT_SMP_ERR_UNSPECIFIED;
 }
- if (bt_auth->oob_data_request) {
+ if (bt_auth && bt_auth->oob_data_request) {
 struct bt_conn_oob_info info = {
 .type = BT_CONN_OOB_LE_SC,
 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
@@ -3528,7 +3528,7 @@ static u8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
 return BT_SMP_ERR_UNSPECIFIED;
 }
- if (bt_auth->oob_data_request) {
+ if (bt_auth && bt_auth->oob_data_request) {
 struct bt_conn_oob_info info = {
 .type = BT_CONN_OOB_LE_SC,
 .lesc.oob_config = BT_CONN_OOB_NO_DATA,
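Review bot: The new guard in `smp_pairing_random` (and the identical one in `smp_public_key`) tests the global `bt_auth` in the condition, while the body of the `if`, which continues outside the hunk, presumably reads `bt_auth` again to invoke `oob_data_request`. If the handlers can be unregistered from another context while pairing is in progress, the pointer may become NULL between the check and the call. Reading `bt_auth` once into a local `auth`, testing `if (auth && auth->oob_data_request) {` and calling through `auth` would close that window. The path taken when the condition is false is not visible here; it should end the LE SC OOB step with an SMP error rather than let pairing continue without OOB data, and a short comment such as `/* no auth handlers registered: OOB data unavailable, reject pairing */` on that branch would make the fail-closed intent explicit.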