Bluetooth: hci_ldisc: Add missing return in hci_uart_init_work()
author Dean Jenkins <Dean_Jenkins@mentor.com>
Thu, 20 Apr 2017 17:06:39 +0000 (18:06 +0100)
committer Marcel Holtmann <marcel@holtmann.org>
Sat, 22 Apr 2017 08:28:40 +0000 (10:28 +0200)
If hci_register_dev() returns an error in hci_uart_init_work()
then the HCI_UART_REGISTERED bit gets erroneously set due to
a missing return statement. Therefore, add the missing return
statement.

The consequence of the missing return is that the HCI UART is not
registered but HCI_UART_REGISTERED is set which allows the code
to think that hu->hdev is safe to access but hu->hdev has been
freed so could lead to a crash.

Signed-off-by: Dean Jenkins <Dean_Jenkins@mentor.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
drivers/bluetooth/hci_ldisc.c

index cec4438ede010c9b64d88784c9a60be0227cee64..1166e3f5682d76e86f2f2b4c08260edbe442567f 100644 (file)
@@ -187,6 +187,7 @@ static void hci_uart_init_work(struct work_struct *work)
                hci_free_dev(hu->hdev);
                hu->hdev = NULL;
                hu->proto->close(hu);
+               return;
        }
 
        set_bit(HCI_UART_REGISTERED, &hu->flags);
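
Review bot: in the failure branch that now ends with the added return, hu->proto->close(hu) is called after hu->hdev has already been freed and set to NULL, so it is worth confirming that no protocol close callback dereferences hu->hdev on this path. Because hci_uart_init_work() returns void, the failed registration is visible to the rest of the driver only as HCI_UART_REGISTERED staying clear; a one-line comment above the return stating that, plus a check that every later hu->hdev access is gated on that bit, would make the invariant explicit.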