forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bluetooth: Fix SMP security level when we have no IO capabilities

Browse source 
When the local IO capability is NoInputNoOutput any attempt to convert
the remote authentication requirement to a target security level is
futile. This patch makes sure that we set the target security level at
most to MEDIUM if the local IO capability is NoInputNoOutput.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
This commit is contained in:
Johan Hedberg 2014-09-10 17:37:44 -07:00 committed by Marcel Holtmann
commit 1afc2a1ab6
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
net/bluetooth/smp.c
View file

@ -959,7 +959,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
memcpy(&smp->preq[1], req, sizeof(*req)); memcpy(&smp->preq[1], req, sizeof(*req));
skb_pull(skb, sizeof(*req)); skb_pull(skb, sizeof(*req));
if (conn->hcon->io_capability == 0x03)
sec_level = BT_SECURITY_MEDIUM;
else
sec_level = authreq_to_seclevel(auth); sec_level = authreq_to_seclevel(auth);
if (sec_level > conn->hcon->pending_sec_level) if (sec_level > conn->hcon->pending_sec_level)
conn->hcon->pending_sec_level = sec_level; conn->hcon->pending_sec_level = sec_level;
@ -1165,7 +1169,11 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
auth = rp->auth_req & AUTH_REQ_MASK; auth = rp->auth_req & AUTH_REQ_MASK;
if (hcon->io_capability == 0x03)
sec_level = BT_SECURITY_MEDIUM;
else
sec_level = authreq_to_seclevel(auth); sec_level = authreq_to_seclevel(auth);
if (smp_sufficient_security(hcon, sec_level)) if (smp_sufficient_security(hcon, sec_level))
return 0; return 0;