From 2ca8fbe3596acaa06d75c6fe98cb9f5b7f1020de Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Wed, 4 Feb 2009 22:21:31 +0100
Subject: Don't make use of debug combination keys for further connections

---
 src/security.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/security.c')

diff --git a/src/security.c b/src/security.c
index 1a33a9d2..05788721 100644
--- a/src/security.c
+++ b/src/security.c
@@ -326,7 +326,9 @@ static void link_key_request(int dev, bdaddr_t *sba, bdaddr_t *dba)
 
 		debug("stored link key type = 0x%02x", type);
 
-		if ((type == 0x03 || type == 0x04) && (req.type & 0x01))
+		/* Don't use debug link keys (0x03) and also don't use
+		 * unauthenticated combination keys if MITM is required */
+		if (type == 0x03 || (type == 0x04 && (req.type & 0x01)))
 			hci_send_cmd(dev, OGF_LINK_CTL,
 					OCF_LINK_KEY_NEG_REPLY, 6, dba);
 		else
-- 
cgit