Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1338778ybi;
        Wed, 3 Jul 2019 13:54:47 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzBw/4sbZxdsIZ32aeBOxdWbw6+/Aff5zatR9jNMZ45ppZn8d806ohJL0rQCTRxyRpFyE0N
X-Received: by 2002:a63:d04e:: with SMTP id s14mr13626351pgi.189.1562187287108;
        Wed, 03 Jul 2019 13:54:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562187287; cv=none;
        d=google.com; s=arc-20160816;
        b=ldLQaS09DUwN1nvOYqKrR/xDKdITWBlq6sYlcefQcdg6ZaZpyH67ZoGeRJ5V6HKeKx
         n0EurUZhwmVMdpPjG5UcoTxL2sRCCSIlWkLZDJ0Gu6wN0rD1KNNYSdit75vN0dWlq/tk
         ZqLmrbNtlfq0l95d1sUeadXBJ52+TRWUEGWUNm5ERQ9bz7wZONxEjwvhQ6xKbah/49Th
         FzjVjlFD4VKbSiL9B6t6jioNVdjDpTLH8X/v2QtHzAZ3vAaUrXZcBcTGwO+JddXAOHP9
         CsdPtWb6GQWXyx96vGcz2buTk2SG8RHcj15uCHSwqriwYaPZ8OhZMx1H2dyGgM/d5jS/
         oAMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=H5/vTywoUf8KN7oMbeyk98PwvJMWwDlaKHm1cB7Atu8=;
        b=GZsmbgi2uGKeriMkYEa1IM6UYlXGBpddTCEJIymzKNAZVv0eryJKj/M6Hgj6/OvQV5
         dNmqWGv+8XgWixqZpdvsRINR/giicDVU0+7QLj8ZT755fThgsLbenKkmw4O7mlQYYr2d
         JhvgH0fav4EsAVX5k/OIUbvo3vuvmqvMG4zSVKc1TK09M/ldMJUmZVjBi1aD0/Wobwsx
         rXW9dNVdo91wj2TBnndVmjGQfMZ79I/c1c6LJR/jAhWNB4uD2PaysJxUfmwduxQ2ACh5
         4A0ZJQCV9c6MZ2X/xh9ITaQxt8p4PHgfYpNEd0Su3xVz7F9p0rQUe0v7qqmETdNltL1N
         XDWA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v14si3231004pff.28.2019.07.03.13.54.16;
        Wed, 03 Jul 2019 13:54:47 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727056AbfGCUxn (ORCPT <rfc822;mathiasrobaert@gmail.com>
        + 99 others); Wed, 3 Jul 2019 16:53:43 -0400
Received: from mga12.intel.com ([192.55.52.136]:8865 "EHLO mga12.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726739AbfGCUxn (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Wed, 3 Jul 2019 16:53:43 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Jul 2019 13:53:43 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,448,1557212400"; 
   d="scan'208";a="166087470"
Received: from ingas-nuc1.sea.intel.com ([10.254.86.21])
  by fmsmga007.fm.intel.com with ESMTP; 03 Jul 2019 13:53:43 -0700
From:   Inga Stotland <inga.stotland@intel.com>
To:     linux-bluetooth@vger.kernel.org
Cc:     brian.gix@intel.com, michal.lowas-rzechonek@silvair.com,
        Inga Stotland <inga.stotland@intel.com>
Subject: [PATCH BlueZ 1/1] mesh: Fix checks when restoring internal model state
Date:   Wed,  3 Jul 2019 13:53:41 -0700
Message-Id: <20190703205341.11065-1-inga.stotland@intel.com>
X-Mailer: git-send-email 2.21.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

This fixes incorrect conditional checks in restore_model_state()
which could lead to dereferencing a NULL pointer.

Wrong: if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) ...
Fixed: if (!l_queue_isempty(mod->bindings) && cbs->bind) ...
---
 mesh/model.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mesh/model.c b/mesh/model.c
index a2b3e5c18..e4a7ba94e 100644
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -1077,7 +1077,7 @@ static void restore_model_state(struct mesh_model *mod)
 	if (!cbs)
 		return;
 
-	if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) {
+	if (!l_queue_isempty(mod->bindings) && cbs->bind) {
 		for (b = l_queue_get_entries(mod->bindings); b; b = b->next) {
 			if (cbs->bind(L_PTR_TO_UINT(b->data), ACTION_ADD) !=
 							MESH_STATUS_SUCCESS)
-- 
2.21.0