summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohan Hedberg <johan.hedberg@intel.com>2014-09-11 00:37:44 (GMT)
committerMarcel Holtmann <marcel@holtmann.org>2014-09-11 00:45:24 (GMT)
commit1afc2a1ab6612dcc3f26db7ca1afba9cff359f1c (patch)
tree732c2a96faeefeb35a72e89c0b1ee3fe8f3ece47
parent24bd0bd94e0947e257c5cd6a85b0e337d953e79c (diff)
downloadlinux-1afc2a1ab6612dcc3f26db7ca1afba9cff359f1c.tar.xz
Bluetooth: Fix SMP security level when we have no IO capabilities
When the local IO capability is NoInputNoOutput any attempt to convert the remote authentication requirement to a target security level is futile. This patch makes sure that we set the target security level at most to MEDIUM if the local IO capability is NoInputNoOutput. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-rw-r--r--net/bluetooth/smp.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index be8371b..a08b077 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -959,7 +959,11 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb)
memcpy(&smp->preq[1], req, sizeof(*req));
skb_pull(skb, sizeof(*req));
- sec_level = authreq_to_seclevel(auth);
+ if (conn->hcon->io_capability == 0x03)
+ sec_level = BT_SECURITY_MEDIUM;
+ else
+ sec_level = authreq_to_seclevel(auth);
+
if (sec_level > conn->hcon->pending_sec_level)
conn->hcon->pending_sec_level = sec_level;
@@ -1165,7 +1169,11 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
auth = rp->auth_req & AUTH_REQ_MASK;
- sec_level = authreq_to_seclevel(auth);
+ if (hcon->io_capability == 0x03)
+ sec_level = BT_SECURITY_MEDIUM;
+ else
+ sec_level = authreq_to_seclevel(auth);
+
if (smp_sufficient_security(hcon, sec_level))
return 0;