diff options
| -rw-r--r-- | net/bluetooth/hci_event.c | 18 | 
1 files changed, 16 insertions, 2 deletions
| diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index ab66838816f..883040f972d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2860,21 +2860,35 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,  {  	struct hci_ev_le_ltk_req *ev = (void *) skb->data;  	struct hci_cp_le_ltk_reply cp; +	struct hci_cp_le_ltk_neg_reply neg;  	struct hci_conn *conn; +	struct link_key *ltk;  	BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));  	hci_dev_lock(hdev);  	conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle)); +	if (conn == NULL) +		goto not_found; -	memset(&cp, 0, sizeof(cp)); +	ltk = hci_find_ltk(hdev, ev->ediv, ev->random); +	if (ltk == NULL) +		goto not_found; + +	memcpy(cp.ltk, ltk->val, sizeof(ltk->val));  	cp.handle = cpu_to_le16(conn->handle); -	memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk));  	hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);  	hci_dev_unlock(hdev); + +	return; + +not_found: +	neg.handle = ev->handle; +	hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg); +	hci_dev_unlock(hdev);  }  static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb) | 
