Commit 6a974b50 authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg

Bluetooth: Limit security mode 4 level 0 to connection oriented channels

The exception for certain PSM channels when it comes to security
mode 4 level 0 should only be checked when actually a connection
oriented channel is established.
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 43b1b8df
...@@ -677,7 +677,8 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason) ...@@ -677,7 +677,8 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)
static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
{ {
if (chan->chan_type == L2CAP_CHAN_RAW) { switch (chan->chan_type) {
case L2CAP_CHAN_RAW:
switch (chan->sec_level) { switch (chan->sec_level) {
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return HCI_AT_DEDICATED_BONDING_MITM; return HCI_AT_DEDICATED_BONDING_MITM;
...@@ -686,7 +687,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -686,7 +687,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
default: default:
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
} }
} else if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) { break;
case L2CAP_CHAN_CONN_ORIENTED:
if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) {
if (chan->sec_level == BT_SECURITY_LOW) if (chan->sec_level == BT_SECURITY_LOW)
chan->sec_level = BT_SECURITY_SDP; chan->sec_level = BT_SECURITY_SDP;
...@@ -694,7 +697,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -694,7 +697,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
return HCI_AT_NO_BONDING_MITM; return HCI_AT_NO_BONDING_MITM;
else else
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
} else { }
/* fall through */
default:
switch (chan->sec_level) { switch (chan->sec_level) {
case BT_SECURITY_HIGH: case BT_SECURITY_HIGH:
return HCI_AT_GENERAL_BONDING_MITM; return HCI_AT_GENERAL_BONDING_MITM;
...@@ -703,6 +708,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan) ...@@ -703,6 +708,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
default: default:
return HCI_AT_NO_BONDING; return HCI_AT_NO_BONDING;
} }
break;
} }
} }
......
...@@ -100,9 +100,13 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) ...@@ -100,9 +100,13 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
if (err < 0) if (err < 0)
goto done; goto done;
switch (chan->chan_type) {
case L2CAP_CHAN_CONN_ORIENTED:
if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP || if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP ||
__le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM) __le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
chan->sec_level = BT_SECURITY_SDP; chan->sec_level = BT_SECURITY_SDP;
break;
}
bacpy(&bt_sk(sk)->src, &la.l2_bdaddr); bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment