Skip to content

Commit

Permalink
Bluetooth: SMP: Fix kernel crash if auth handler is NULL
Browse files Browse the repository at this point in the history 
Fix kernel crash if bluetooth authentication handlers has not been
registered. The bt_auth object is then NULL, this dereference caused a
call to an invalid function pointer.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
  • Loading branch information
@joerchan @carlescufi
joerchan authored and carlescufi committed Aug 7, 2019
1 parent f42617a commit a80ab8b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions subsys/bluetooth/host/smp.c
View file
Expand Up @@ -3118,7 +3118,7 @@ static u8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
return BT_SMP_ERR_UNSPECIFIED; return BT_SMP_ERR_UNSPECIFIED;
} }


if (bt_auth->oob_data_request) { if (bt_auth && bt_auth->oob_data_request) {
struct bt_conn_oob_info info = { struct bt_conn_oob_info info = {
.type = BT_CONN_OOB_LE_SC, .type = BT_CONN_OOB_LE_SC,
.lesc.oob_config = BT_CONN_OOB_NO_DATA, .lesc.oob_config = BT_CONN_OOB_NO_DATA,
Expand Down Expand Up @@ -3528,7 +3528,7 @@ static u8_t smp_public_key(struct bt_smp *smp, struct net_buf *buf)
return BT_SMP_ERR_UNSPECIFIED; return BT_SMP_ERR_UNSPECIFIED;
} }


if (bt_auth->oob_data_request) { if (bt_auth && bt_auth->oob_data_request) {
struct bt_conn_oob_info info = { struct bt_conn_oob_info info = {
.type = BT_CONN_OOB_LE_SC, .type = BT_CONN_OOB_LE_SC,
.lesc.oob_config = BT_CONN_OOB_NO_DATA, .lesc.oob_config = BT_CONN_OOB_NO_DATA,
Expand Down

0 comments on commit a80ab8b

Please sign in to comment.