commit 94ea7257ef24a007cb0e26476ed8871f179a749f
author Johan Hedberg <johan.hedberg@intel.com> Mon Mar 16 11:45:46 2015 +0200
committer Marcel Holtmann <marcel@holtmann.org> Mon Mar 16 17:16:46 2015 +0100
tree 66f5df07c3110b7cec8fa347c8411e24af2cc8d6
parent 58428563b5ea19c2ac8b6aca8073e48539023b26

Bluetooth: Fix verifying confirm value when lacking remote OOB data

If we haven't received remote OOB data we cannot perform any special
checks on the confirm value. This patch updates the check after having
received the public key to only perform the verification if we have
remote OOB data present.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

net/bluetooth/smp.c

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index b8a6ce8..de53ba1 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2562,7 +2562,7 @@
 		return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
 	}
 
-	if (smp->method == REQ_OOB) {
+	if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
 		err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
 			     smp->rr, 0, cfm.confirm_val);
 		if (err)
@@ -2570,7 +2570,9 @@
 
 		if (memcmp(cfm.confirm_val, smp->pcnf, 16))
 			return SMP_CONFIRM_FAILED;
+	}
 
+	if (smp->method == REQ_OOB) {
 		if (hcon->out)
 			smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,
 				     sizeof(smp->prnd), smp->prnd);