Bluetooth: SMP packets are only valid on LE connections

When receiving SMP packets on a BR/EDR connection, then just drop
the packet and do not try to process it.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>

diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index b5562abdd6e0c84e4a2f52f3175c8046ce70751c..6e0494971db12fea4bd654c55020eb3ca401faae 100644 (file)
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -847,10 +847,16 @@ static int smp_cmd_master_ident(struct l2cap_conn *conn, struct sk_buff *skb)
 
 int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
 {
+       struct hci_conn *hcon = conn->hcon;
        __u8 code = skb->data[0];
        __u8 reason;
        int err = 0;
 
+       if (hcon->type != LE_LINK) {
+               kfree_skb(skb);
+               return -ENOTSUPP;
+       }
+
        if (!test_bit(HCI_LE_ENABLED, &conn->hcon->hdev->dev_flags)) {
                err = -ENOTSUPP;
                reason = SMP_PAIRING_NOTSUPP;