Bluetooth: Always request for user confirmation for Just Works

To improve security, always give the user-space daemon a chance to
accept or reject a Just Works pairing (LE). The daemon may decide to
auto-accept based on the user's intent.

Signed-off-by: Sonny Sasaka <sonnysasaka@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 1476a91..d0b695e 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -855,6 +855,7 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
        struct smp_chan *smp = chan->data;
        u32 passkey = 0;
        int ret = 0;
+       int err;
 
        /* Initialize key for JUST WORKS */
        memset(smp->tk, 0, sizeof(smp->tk));
@@ -883,9 +884,16 @@ static int tk_request(struct l2cap_conn *conn, u8 remote_oob, u8 auth,
            hcon->io_capability == HCI_IO_NO_INPUT_OUTPUT)
                smp->method = JUST_WORKS;
 
-       /* If Just Works, Continue with Zero TK */
+       /* If Just Works, Continue with Zero TK and ask user-space for
+        * confirmation */
        if (smp->method == JUST_WORKS) {
-               set_bit(SMP_FLAG_TK_VALID, &smp->flags);
+               err = mgmt_user_confirm_request(hcon->hdev, &hcon->dst,
+                                               hcon->type,
+                                               hcon->dst_type,
+                                               passkey, 1);
+               if (err)
+                       return SMP_UNSPECIFIED;
+               set_bit(SMP_FLAG_WAIT_USER, &smp->flags);
                return 0;
        }