Merge branch 'master' of git://1984.lsi.us.es/nf

author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-02-21 17:07:14 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-02-21 17:07:14 +0100
commit: e29371d762df5bb35d2bc434ea266a046e5a0a75 (patch)
tree: dac4a8db52d92453415f35606130a49e9f32e4ef /net/bluetooth/smp.c
parent: 17b14ca25e9cd6c5cd7605941f6120e405a84f8b (diff)
parent: 894e2ac82bd0029adce7ad6c8d25501fdd82c994 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index a5923378bdf..5abefb12891 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -167,7 +167,7 @@ static struct sk_buff *smp_build_cmd(struct l2cap_conn *conn, u8 code,
 
 	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
 	lh->len = cpu_to_le16(sizeof(code) + dlen);
-	lh->cid = cpu_to_le16(L2CAP_CID_SMP);
+	lh->cid = __constant_cpu_to_le16(L2CAP_CID_SMP);
 
 	memcpy(skb_put(skb, sizeof(code)), &code, sizeof(code));
 
@@ -859,6 +859,19 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
 
 	skb_pull(skb, sizeof(code));
 
+	/*
+	 * The SMP context must be initialized for all other PDUs except
+	 * pairing and security requests. If we get any other PDU when
+	 * not initialized simply disconnect (done if this function
+	 * returns an error).
+	 */
+	if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ &&
+	    !conn->smp_chan) {
+		BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);
+		kfree_skb(skb);
+		return -ENOTSUPP;
+	}
+
 	switch (code) {
 	case SMP_CMD_PAIRING_REQ:
 		reason = smp_cmd_pairing_req(conn, skb);
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-02-21 17:07:14 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-02-21 17:07:14 +0100
commit	e29371d762df5bb35d2bc434ea266a046e5a0a75 (patch)
tree	dac4a8db52d92453415f35606130a49e9f32e4ef /net/bluetooth/smp.c
parent	17b14ca25e9cd6c5cd7605941f6120e405a84f8b (diff)
parent	894e2ac82bd0029adce7ad6c8d25501fdd82c994 (diff)