From c9287c2bc2b7beba3d83be07b166e7b6152d44bd Mon Sep 17 00:00:00 2001
From: Mariusz Skamra
Date: Wed, 22 Jul 2015 18:24:10 +0200
Subject: [PATCH] Bluetooth: SMP: Fix zeroing smp
In smp_init we reset smp so that Pairing Failed command is deleted from allowable commands and the pointer to the associated conn is lost. With this patch associated conn is copied and the Pairing Failed command is marked as allowed.
Change-Id: I7a71f985ca9d9d332e392aeb9368053a8c084750
Signed-off-by: Mariusz Skamra
---
 net/bluetooth/smp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 2cbdefb31de..5e844128289 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -317,6 +317,8 @@ static void send_err_rsp(struct bt_conn *conn, uint8_t reason) static int smp_init(struct bt_smp *smp) { + struct bt_conn *conn = smp->conn; + /* Initialize SMP context */ memset(smp, 0, sizeof(*smp));
@@ -327,6 +329,10 @@ static int smp_init(struct bt_smp *smp) BT_DBG("prnd %s\n", h(smp->prnd, 16)); + smp->conn = conn; + atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL); + return 0; }
@@ -390,6 +396,7 @@ static uint8_t smp_pairing_req(struct bt_conn *conn, struct bt_buf *buf) int bt_smp_send_security_req(struct bt_conn *conn) { + struct bt_smp *smp = conn->smp; struct bt_smp_security_request *req; struct bt_buf *req_buf;
@@ -407,6 +414,8 @@ int bt_smp_send_security_req(struct bt_conn *conn) bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf); + atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL); + return 0; }
@@ -946,8 +955,6 @@ static void bt_smp_connected(struct bt_conn *conn) smp->conn = conn; conn->smp = smp; - atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL); - if (conn->role == BT_HCI_ROLE_MASTER) { atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
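Review bot: smp_init puts `smp->conn` back and re-allows Pairing Failed only at the very end of the function (hunk `@@ -327,6 +329,10 @@`, after the `BT_DBG` line), not next to the `memset` in hunk `@@ -317,6 +317,8 @@`, so any exit taken in between leaves the context wiped. The lines between the two hunks are not shown; if they can fail and return early (filling `prnd` presumably can), the caller is left with `smp->conn == NULL` and Pairing Failed rejected, which is the state this commit is meant to remove. Moving the two added statements directly under the wipe covers every path: `memset(smp, 0, sizeof(*smp));` then `smp->conn = conn;` and `atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);`. A one-line comment on the saved pointer, such as `/* conn must survive the memset below */`, would also explain why it is copied first.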
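Review bot: In bt_smp_send_security_req the new `struct bt_smp *smp = conn->smp;` (hunk `@@ -390,6 +396,7 @@`) is dereferenced by the `atomic_set_bit(&smp->allowed_cmds, ...)` added in hunk `@@ -407,6 +414,8 @@` without any check that an SMP context is attached to the connection. The body between those two hunks is not shown, so whether `conn->smp` can be NULL here cannot be confirmed; the only assignment visible is in bt_smp_connected, so a call before that point or after teardown would dereference NULL, and a guard such as `if (!smp) return -ENOTCONN;` (or whichever error code this function already uses) at the top would close that. The bit is also set only after `bt_l2cap_send()`; if received PDUs are processed in another context, a prompt Pairing Failed from the peer could be checked against `allowed_cmds` before the bit is set, so setting it before the send is the safer order.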