
[bluetooth-dev] bug in l2cap.c



This is in process_request() in l2cap.c:

		if ((con = check_remote_cid(hci_handle, 
					  conreq->src_cid)) == NULL) {
			D_ERR(FNC"couldn't find l2cap connection\n");
			l2cap_cmdrej(con->hci_hdl, CMDREJ_INVALIDCID,
				     "Invalid CID", 13);
			return;
		}

con->hci_hdl will be a dereference of the NULL pointer.

Eric
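
An added example, not part of the original post or the project's code: the same error path with the reject sent on the handle the lookup was called with, so nothing is read through the NULL con. The struct layouts, the connection table, the CMDREJ_INVALIDCID value, the recording l2cap_cmdrej() stub and the name process_request_checked() are constructed stand-ins for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the stack's types; only the fields used here. */
struct l2cap_con { uint32_t hci_hdl; uint16_t remote_cid; };
struct conreq    { uint16_t src_cid; };
#define CMDREJ_INVALIDCID 0x0002   /* assumed value for this example */

static struct l2cap_con con_table[] = { { 1, 0x0040 }, { 2, 0x0041 } };
static uint32_t last_rej_hdl;      /* handle the last reject was sent on */
static int rej_count;              /* number of rejects sent */

/* Stub: records the reject instead of sending it. */
static void l2cap_cmdrej(uint32_t hci_hdl, uint16_t reason,
                         const char *msg, size_t len)
{
    (void)reason; (void)msg; (void)len;
    last_rej_hdl = hci_hdl;
    rej_count++;
}

/* Returns the matching connection, or NULL when the CID is unknown. */
static struct l2cap_con *check_remote_cid(uint32_t hci_hdl, uint16_t cid)
{
    for (size_t i = 0; i < sizeof con_table / sizeof con_table[0]; i++)
        if (con_table[i].hci_hdl == hci_hdl && con_table[i].remote_cid == cid)
            return &con_table[i];
    return NULL;
}

/* Returns 0 when the connection exists, -1 after rejecting an unknown CID. */
int process_request_checked(uint32_t hci_handle, const struct conreq *conreq)
{
    struct l2cap_con *con = check_remote_cid(hci_handle, conreq->src_cid);

    if (con == NULL) {
        /* con is NULL in this branch: use hci_handle, never con->hci_hdl. */
        l2cap_cmdrej(hci_handle, CMDREJ_INVALIDCID, "Invalid CID", 13);
        return -1;
    }
    return 0;
}

int main(void)
{
    struct conreq unknown = { 0x0099 };   /* constructed: CID not in the table */
    return process_request_checked(7, &unknown) == -1 ? 0 : 1;
}
```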