diff --git a/components/bt/host/bluedroid/stack/btm/btm_acl.c b/components/bt/host/bluedroid/stack/btm/btm_acl.c
index 021a80da40..1fe596ada3 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_acl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c
@@ -347,6 +347,10 @@ void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, UINT8 bdn[BTM_MAX_REM_BD_NAME_L
 btm_establish_continue (p);
 return;
 }
+ } else {
+ /* If remote features indicated secure connection (SC) mode, check the remote feautres again*/
+ /* this is to prevent from BIAS attack where attacker can downgrade SC mode*/
+ btm_read_remote_features (p->hci_handle);
 }
 }
diff --git a/components/bt/host/bluedroid/stack/btm/btm_sec.c b/components/bt/host/bluedroid/stack/btm/btm_sec.c
index f99a78c899..cd61d6388d 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_sec.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c
@@ -4024,9 +4024,7 @@ void btm_sec_auth_complete (UINT16 handle, UINT8 status)
 return;
 }
- if (!(p_dev_rec->sm4 & BTM_SM4_UPGRADE)) {
- p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED;
- }
+ p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED;
 if (p_dev_rec->pin_code_length >= 16 ||
 p_dev_rec->link_key_type == BTM_LKEY_TYPE_AUTH_COMB ||
diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_link.c b/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
index 5471e66bb8..4b81b4b3b2 100644
--- a/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
+++ b/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
@@ -87,8 +87,7 @@ BOOLEAN l2c_link_hci_conn_req (BD_ADDR bd_addr)
 if (p_lcb_cur->in_use) {
 no_links = FALSE;
- // p_lcb->link_role = HCI_ROLE_MASTER;
- p_lcb->link_role = HCI_ROLE_SLAVE;
+ p_lcb->link_role = HCI_ROLE_MASTER;
 break;
 }
 }
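Review bot: The two comments added in the `else` branch of btm_acl_created (btm_acl.c) do not say where the re-read result is compared with the stored Secure Connections state, and that comparison is what actually stops a downgrade. The branch only issues `btm_read_remote_features (p->hci_handle);`, so the check must live in the feature-read completion path, which this hunk does not show. I would merge them into one comment that also fixes the "feautres" typo, e.g. `/* Peer previously advertised Secure Connections (SC): re-read its features rather than trusting the cached pages, so an impersonating peer cannot downgrade SC (BIAS); the result is validated when the read completes. */`, provided that last clause is confirmed. The `if` this `else` belongs to starts outside the hunk.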
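Review bot: In btm_sec_auth_complete (btm_sec.c) `p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED;` is now unconditional and has no comment, so nothing records why a device with `BTM_SM4_UPGRADE` set is treated as authenticated. Only the tail of an early-return block is visible above the assignment. Since the flag is now set on every path that reaches this line, confirm that every failing `status` value returns before it. A short comment would help, e.g. `/* Authentication completed on this link: mark it authenticated even while an SM4 upgrade is pending. */`, adjusted to the actual rationale.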
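Review bot: In l2c_link_hci_conn_req (l2c_link.c) the assignment `p_lcb->link_role = HCI_ROLE_MASTER;` has no comment, although the removed lines show this value was previously switched to slave with the master assignment left commented out. State the intent next to it, e.g. `/* Another link is already in use: take the master role on this incoming connection. */`. If the choice is part of the BIAS hardening in this commit, say so, to make a later revert to slave less likely. The loop and the rest of the function lie outside the hunk, so the role chosen when no other link is in use cannot be checked here.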