Bluetooth: Fix dereferencing conn variable before NULL check

This patch fixes the following type of static analyzer warning (and
probably a real bug as well as the NULL check should be there for a
reason):

net/bluetooth/smp.c:1182 smp_conn_security() warn: variable dereferenced before check 'conn' (see line 1174)

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 1201670..560f78a 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -1210,7 +1210,7 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
 int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 {
        struct l2cap_conn *conn = hcon->l2cap_data;
-       struct l2cap_chan *chan = conn->smp;
+       struct l2cap_chan *chan;
        struct smp_chan *smp;
        __u8 authreq;
        int ret;
@@ -1221,6 +1221,8 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
        if (!conn)
                return 1;
 
+       chan = conn->smp;
+
        if (!test_bit(HCI_LE_ENABLED, &hcon->hdev->dev_flags))
                return 1;