commit c19483cc5e56ac5e22dd19cf25ba210ab1537773 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

bluetooth: Fix missing NULL check

Fortunately this is only exploitable on very unusual hardware.

[Reported a while ago but nothing happened so just fixing it]

Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Alan Cox and committed by Linus Torvalds 15 years ago c19483cc d4429f60

1 changed file

expand all

unified split

drivers

bluetooth

hci_ldisc.c

drivers/bluetooth/hci_ldisc.c

··· 256 257 BT_DBG("tty %p", tty); 258 259 if (hu) 260 return -EEXIST; 261 262 if (!(hu = kzalloc(sizeof(struct hci_uart), GFP_KERNEL))) { 263 BT_ERR("Can't allocate control structure");

··· 256 257 BT_DBG("tty %p", tty); 258 259 + /* FIXME: This btw is bogus, nothing requires the old ldisc to clear 260 + the pointer */ 261 if (hu) 262 return -EEXIST; 263 + 264 + /* Error if the tty has no write op instead of leaving an exploitable 265 + hole */ 266 + if (tty->ops->write == NULL) 267 + return -EOPNOTSUPP; 268 269 if (!(hu = kzalloc(sizeof(struct hci_uart), GFP_KERNEL))) { 270 BT_ERR("Can't allocate control structure");