Bluetooth: Limit security mode 4 level 0 to connection oriented channels (6a974b50) · Commits · 戴 / test

net/bluetooth/l2cap_core.c

+15 −9

Original line number	Diff line number	Diff line
		@@ -677,7 +677,8 @@ void l2cap_chan_close(struct l2cap_chan *chan, int reason)

		static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
		{
		if (chan->chan_type == L2CAP_CHAN_RAW) {
		switch (chan->chan_type) {
		case L2CAP_CHAN_RAW:
		switch (chan->sec_level) {
		case BT_SECURITY_HIGH:
		return HCI_AT_DEDICATED_BONDING_MITM;
		@@ -686,7 +687,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
		default:
		return HCI_AT_NO_BONDING;
		}
		} else if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) {
		break;
		case L2CAP_CHAN_CONN_ORIENTED:
		if (chan->psm == __constant_cpu_to_le16(L2CAP_PSM_SDP)) {
		if (chan->sec_level == BT_SECURITY_LOW)
		chan->sec_level = BT_SECURITY_SDP;

		@@ -694,7 +697,9 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
		return HCI_AT_NO_BONDING_MITM;
		else
		return HCI_AT_NO_BONDING;
		} else {
		}
		/* fall through */
		default:
		switch (chan->sec_level) {
		case BT_SECURITY_HIGH:
		return HCI_AT_GENERAL_BONDING_MITM;
		@@ -703,6 +708,7 @@ static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
		default:
		return HCI_AT_NO_BONDING;
		}
		break;
		}
		}

+7 −3

Original line number	Diff line number	Diff line
		@@ -100,9 +100,13 @@ static int l2cap_sock_bind(struct socket sock, struct sockaddr addr, int alen)
		if (err < 0)
		goto done;

		switch (chan->chan_type) {
		case L2CAP_CHAN_CONN_ORIENTED:
		if (__le16_to_cpu(la.l2_psm) == L2CAP_PSM_SDP \|\|
		__le16_to_cpu(la.l2_psm) == L2CAP_PSM_RFCOMM)
		chan->sec_level = BT_SECURITY_SDP;
		break;
		}

		bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);