From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Wed, 28 May 2025 18:53:11 +0000 (-0400)
Subject: Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
X-Git-Tag: v6.16-rc1~36^2~29^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03dba9cea72f977e873e4e60e220fa596959dd8f;p=thirdparty%2Flinux.git

Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION

Depending on the security set the response to L2CAP_LE_CONN_REQ shall be
just L2CAP_CR_LE_ENCRYPTION if only encryption when BT_SECURITY_MEDIUM
is selected since that means security mode 2 which doesn't require
authentication which is something that is covered in the qualification
test L2CAP/LE/CFC/BV-25-C.

Link: https://github.com/bluez/bluez/issues/1270
Fixes: 27e2d4c8d28b ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 042d3ac3b4a3..a5bde5db58ef 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -4870,7 +4870,8 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
 
 	if (!smp_sufficient_security(conn->hcon, pchan->sec_level,
 				     SMP_ALLOW_STK)) {
-		result = L2CAP_CR_LE_AUTHENTICATION;
+		result = pchan->sec_level == BT_SECURITY_MEDIUM ?
+			L2CAP_CR_LE_ENCRYPTION : L2CAP_CR_LE_AUTHENTICATION;
 		chan = NULL;
 		goto response_unlock;
 	}