[Bluetooth] Fix NULL pointer dereferences of the HCI socket

[pandora-kernel.git] / net / bluetooth / hci_sock.c

diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index bdb6458..97bdec7 100644 (file)
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -143,13 +143,15 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
 static int hci_sock_release(struct socket *sock)
 {
        struct sock *sk = sock->sk;
-       struct hci_dev *hdev = hci_pi(sk)->hdev;
+       struct hci_dev *hdev;
 
        BT_DBG("sock %p sk %p", sock, sk);
 
        if (!sk)
                return 0;
 
+       hdev = hci_pi(sk)->hdev;
+
        bt_sock_unlink(&hci_sk_list, sk);
 
        if (hdev) {
@@ -311,14 +313,18 @@ static int hci_sock_getname(struct socket *sock, struct sockaddr *addr, int *add
 {
        struct sockaddr_hci *haddr = (struct sockaddr_hci *) addr;
        struct sock *sk = sock->sk;
+       struct hci_dev *hdev = hci_pi(sk)->hdev;
 
        BT_DBG("sock %p sk %p", sock, sk);
 
+       if (!hdev)
+               return -EBADFD;
+
        lock_sock(sk);
 
        *addr_len = sizeof(*haddr);
        haddr->hci_family = AF_BLUETOOTH;
-       haddr->hci_dev    = hci_pi(sk)->hdev->id;
+       haddr->hci_dev    = hdev->id;
 
        release_sock(sk);
        return 0;