Bluetooth: Fix missing NULL check for smp_chan_create() return value

The smp_chan_create function may return NULL, e.g. in the case of memory
allocation failure, so we always need to check for this.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index e33a982161c1db063b5cb96f06a10babb5f0b436..1f4ed1e78e10cb11a8bcfb98a78acf1216d5d73d 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -888,6 +888,8 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
                return 0;
 
        smp = smp_chan_create(conn);
+       if (!smp)
+               return SMP_UNSPECIFIED;
 
        skb_pull(skb, sizeof(*rp));