-rw-r--r-- | net/bluetooth/hci_event.c | 17 |
1 files changed, 8 insertions, 9 deletions
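--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3664,18 +3664,14 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
 
 /* If we are initiators, there is no remote information yet */
 if (conn->remote_auth == 0xff) {
-cp.authentication = conn->auth_type;
-
 /* Request MITM protection if our IO caps allow it
 * except for the no-bonding case.
-* conn->auth_type is not updated here since
-* that might cause the user confirmation to be
-* rejected in case the remote doesn't have the
-* IO capabilities for MITM.
 */
 if (conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
 cp.authentication != HCI_AT_NO_BONDING)
-cp.authentication |= 0x01;
+conn->auth_type |= 0x01;
+
+cp.authentication = conn->auth_type;
 } else {
 conn->auth_type = hci_get_auth_req(conn);
 cp.authentication = conn->auth_type;
@@ -3747,9 +3743,12 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev,
 rem_mitm = (conn->remote_auth & 0x01);
 
 /* If we require MITM but the remote device can't provide that
-* (it has NoInputNoOutput) then reject the confirmation request
+* (it has NoInputNoOutput) then reject the confirmation
+* request. We check the security level here since it doesn't
+* necessarily match conn->auth_type.
 */
-if (loc_mitm && conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
+if (conn->pending_sec_level > BT_SECURITY_MEDIUM &&
+conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) {
 BT_DBG("Rejecting request: remote device can't provide MITM");
 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
 sizeof(ev->bdaddr), &ev->bdaddr);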
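Review bot: In the first hunk (hci_io_capa_request_evt, initiator branch) the condition `cp.authentication != HCI_AT_NO_BONDING` is now evaluated before `cp.authentication = conn->auth_type;`, so in this branch it reads a field that has not been assigned yet. Unless `cp` is initialised earlier in the function, which starts outside the hunk, the no-bonding exception is decided on an indeterminate value. The MITM bit can then be OR-ed into `conn->auth_type` for a no-bonding request, or left out when it should be requested. Because `conn->auth_type` now persists that bit, the wrong result outlives this one reply. The test should read the value being modified: `conn->auth_type != HCI_AT_NO_BONDING)`.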