Hi,
>Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@xxxxxxxxx>
>---
> net/bluetooth/hci_event.c | 21 +++++++++++++++++----
> 1 files changed, 17 insertions(+), 4 deletions(-)
>
>diff --git a/net/bluetooth/hci_event.c
>b/net/bluetooth/hci_event.c index 5c5e614..337da2b 100644
>--- a/net/bluetooth/hci_event.c
>+++ b/net/bluetooth/hci_event.c
>@@ -2044,11 +2044,24 @@ static inline void
>hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff
> }
>
> conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
>+ if (conn) {
>+ if (key->type == HCI_LK_UNAUTH_COMBINATION &&
>+ conn->auth_type != 0xff &&
>+ (conn->auth_type & 0x01)) {
>+ BT_DBG("%s ignoring unauthenticated
>key", hdev->name);
>+ goto not_found;
>+ }
>
>- if (key->type == HCI_LK_UNAUTH_COMBINATION && conn &&
>- conn->auth_type != 0xff &&
>(conn->auth_type & 0x01)) {
>- BT_DBG("%s ignoring unauthenticated key", hdev->name);
>- goto not_found;
>+ if (key->type == HCI_LK_COMBINATION &&
>+ conn->sec_level ==
>BT_SECURITY_HIGH &&
>+ conn->pin_length < 16) {
That's wrong. I should check it against stored key->pin_len and conn->pending_sec_level.
We are in the middle of authentication so we don't have conn->sec_level set properly yet. The same apply for conn->pin_length.
if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
conn->pending_sec_level == BT_SECURITY_HIGH) {
goto not_found;
}
/Waldek--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
