Bluetooth: Never deallocate a session when some DLC points to it
authorLukáš Turek <8an@praha12.net>
Wed, 5 Jan 2011 01:43:59 +0000 (02:43 +0100)
committerGustavo F. Padovan <padovan@profusion.mobi>
Wed, 19 Jan 2011 16:40:42 +0000 (14:40 -0200)
commit683d949a7fbf33c244670e34d35c460e0d6558cb
treefafa2f5c18d72466e859e7ade3f6a84d84bb7224
parente2e0cacbd4b0c7c69c7591d37c243f2363aeaa71
Bluetooth: Never deallocate a session when some DLC points to it

Fix a bug introduced in commit 9cf5b0ea3a7f1432c61029f7aaf4b8b338628884:
function rfcomm_recv_ua calls rfcomm_session_put without checking that
the session is not referenced by some DLC. If the session is freed, that
DLC would refer to deallocated memory, causing an oops later, as shown
in this bug report: https://bugzilla.kernel.org/show_bug.cgi?id=15994

Signed-off-by: Lukas Turek <8an@praha12.net>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
net/bluetooth/rfcomm/core.c