From: Gordon M. <gm...@us...> - 2001-04-19 14:37:56
The following file was modified in linux/drivers/char/bluetooth:
Name Old version New version Comment
---- ----------- ----------- -------
l2cap.c 1.101 1.102=20=20=20=20=20=20=20=20=20=20=20
The accompanying log:
--Checked in a temporary fix to the null pointer dereference in process_request.
Eric Muehlhausen pointed this bug out. Mattias Agren said he'd check
in a permanent fix when he brings in some other changes.
The diff of the modified file(s):
--- l2cap.c 2001/04/19 10:31:34 1.101
+++ l2cap.c 2001/04/19 14:37:33 1.102
@@ -952,6 +952,22 @@
print_data(__FUNCTION__ ": optional data : ",=20
cmdreject->data, rsp->len-2);
=20
+ /* Find connection -- note that I'm not sure this is the right thing
+ to do here. I just wanted to make sure we don't try to dereference
+ a null 'con' pointer like we used to do. Mattias Agren promised
+ to check in a real fix when he brings some other changes in.
+ --gmcnutt (4/19/01)
+ */
+ if ((conrsp =3D (sig_conrsp *)rsp->data) =3D=3D NULL) {
+ D_ERR(__FUNCTION__ ": no response data\n");
+ return;
+ }
+
+ if ((con =3D get_lcon(conrsp->src_cid)) =3D=3D NULL) {
+ D_ERR(__FUNCTION__ ": no connection\n");
+ return;
+ }
+
/* fixme -- set 'real' reason code */
con->c_status =3D CSTATUS_CMDREJECT;
=20=09=09
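Review bot: The added guard before `conrsp->src_cid` tests the `rsp->data` pointer against NULL, but nothing checks that the payload is long enough to hold a `sig_conrsp`, so a short command-reject from the remote device would still have `src_cid` read past the received data. If `data` is an array member of the signalling header (its declaration is not visible here), the NULL comparison can never be true and the first `return` is dead code. I would add a length check ahead of the cast, for example `if (rsp->len < sizeof(sig_conrsp)) { D_ERR(__FUNCTION__ ": short reject\n"); return; }`. The CID passed to `get_lcon()` also comes from peer-supplied bytes that the context lines treat as `cmdreject` data, so it is worth confirming that the connection found belongs to the link the reject arrived on before `c_status` is set. The enclosing function starts and ends outside the hunk.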