michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: SMP: Fix zeroing smp

Browse source 
In smp_init we reset smp so that Pairing Failed command is deleted
from allowable commands and the pointer to the associated conn is lost.
With this patch associated conn is copied and the Pairing Failed
command is marked as allowed.

Change-Id: I7a71f985ca9d9d332e392aeb9368053a8c084750
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
This commit is contained in:
Mariusz Skamra 2015-07-22 18:24:10 +02:00 committed by Anas Nashif
commit c9287c2bc2
1 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
net/bluetooth/smp.c
View file

@ -317,6 +317,8 @@ static void send_err_rsp(struct bt_conn *conn, uint8_t reason)
static int smp_init(struct bt_smp *smp)
{
struct bt_conn *conn = smp->conn;
/* Initialize SMP context */
memset(smp, 0, sizeof(*smp));
@ -327,6 +329,10 @@ static int smp_init(struct bt_smp *smp)
BT_DBG("prnd %s\n", h(smp->prnd, 16));
smp->conn = conn;
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
return 0;
}
@ -390,6 +396,7 @@ static uint8_t smp_pairing_req(struct bt_conn *conn, struct bt_buf *buf)
int bt_smp_send_security_req(struct bt_conn *conn)
{
struct bt_smp *smp = conn->smp;
struct bt_smp_security_request *req;
struct bt_buf *req_buf;
@ -407,6 +414,8 @@ int bt_smp_send_security_req(struct bt_conn *conn)
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
return 0;
}
@ -946,8 +955,6 @@ static void bt_smp_connected(struct bt_conn *conn)
smp->conn = conn;
conn->smp = smp;
atomic_set_bit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
if (conn->role == BT_HCI_ROLE_MASTER) {
atomic_set_bit(&smp->allowed_cmds,
BT_SMP_CMD_SECURITY_REQUEST);