Bluetooth: Fix allowing initiating pairing when not pairable
authorJohan Hedberg <johan.hedberg@intel.com>
Thu, 17 Jul 2014 12:35:40 +0000 (15:35 +0300)
committerMarcel Holtmann <marcel@holtmann.org>
Thu, 17 Jul 2014 12:39:40 +0000 (14:39 +0200)
When we're not pairable we should still allow us to act as initiators
for pairing, i.e. the HCI_PAIRABLE flag should only be affecting
incoming pairing attempts. This patch fixes the relevant checks for the
hci_io_capa_request_evt() and hci_pin_code_request_evt() functions.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
net/bluetooth/hci_event.c

index af2cdca03d737a7c25b066b94b55e9ad2d5e610a..4c41774aa5565cbd7aa0c99ad74adbacea87e8ce 100644 (file)
@@ -3118,10 +3118,11 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
                hci_conn_drop(conn);
        }
 
-       if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
+       if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags) &&
+           !test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags)) {
                hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
                             sizeof(ev->bdaddr), &ev->bdaddr);
-       else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
+       else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
                u8 secure;
 
                if (conn->pending_sec_level == BT_SECURITY_HIGH)
@@ -3647,7 +3648,11 @@ static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
        if (!test_bit(HCI_MGMT, &hdev->dev_flags))
                goto unlock;
 
+       /* Allow pairing if we're pairable, the initiators of the
+        * pairing or if the remote is not requesting bonding.
+        */
        if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
+           test_bit(HCI_CONN_AUTH_INITIATOR, &conn->flags) ||
            (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
                struct hci_cp_io_capability_reply cp;