From: Marcel Holtmann <marcel@holtmann.org>
Date: Thu, 3 Oct 2013 07:00:57 +0000 (-0700)
Subject: Bluetooth: SMP packets are only valid on LE connections
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7b9899dbcf432b188f3cc22bd1ad9e8050c496fc;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git

Bluetooth: SMP packets are only valid on LE connections

When receiving SMP packets on a BR/EDR connection, then just drop
the packet and do not try to process it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
---

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index b5562abdd6e0..6e0494971db1 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -847,10 +847,16 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
 
 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
 {
+	struct hci_conn *hcon = conn->hcon;
 	__u8 code = skb->data[0];
 	__u8 reason;
 	int err = 0;
 
+	if (hcon->type != LE_LINK) {
+		kfree_skb(skb);
+		return -ENOTSUPP;
+	}
+
 	if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
 		err = -ENOTSUPP;
 		reason = SMP_PAIRING_NOTSUPP;