Bluetooth: Fix requiring SMP MITM for outgoing connections

commit 79897d2097a629179e142014ecd3cdce6eac7f0e upstream.

Due to recent changes to the way that the MITM requirement is set for
outgoing pairing attempts we can no longer rely on the hcon->auth_type
variable (which is actually good since it was formed from BR/EDR
concepts that don't really exist for SMP).

To match the logic that BR/EDR now uses simply rely on the local IO
capability and/or needed security level to set the MITM requirement for
outgoing pairing requests.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index dfb4e1161c10fbb62b6ac43220949992a5075dfc..956d127528cbab2cfcf80953fd698fb2fd8bc9a7 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -908,10 +908,11 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
 
        authreq = seclevel_to_authreq(sec_level);
 
-       /* hcon->auth_type is set by pair_device in mgmt.c. If the MITM
-        * flag is set we should also set it for the SMP request.
+       /* Require MITM if IO Capability allows or the security level
+        * requires it.
         */
-       if ((hcon->auth_type & 0x01))
+       if (hcon->io_capability != HCI_IO_NO_INPUT_OUTPUT ||
+           sec_level > BT_SECURITY_MEDIUM)
                authreq |= SMP_AUTH_MITM;
 
        if (hcon->link_mode & HCI_LM_MASTER) {