diff --git a/components/bt/host/bluedroid/stack/btm/btm_acl.c b/components/bt/host/bluedroid/stack/btm/btm_acl.c
index 4c8d756df9..7be59dc62e 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_acl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c
@@ -326,6 +326,10 @@ void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
 btm_establish_continue (p);
 return;
 }
+ } else {
+ /* If remote features indicated secure connection (SC) mode, check the remote feautres again*/
+ /* this is to prevent from BIAS attack where attacker can downgrade SC mode*/
+ btm_read_remote_features (p->hci_handle);
 }
 }
diff --git a/components/bt/host/bluedroid/stack/btm/btm_sec.c b/components/bt/host/bluedroid/stack/btm/btm_sec.c
index 37003a5dca..8d1538779a 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_sec.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c
@@ -4014,9 +4014,7 @@ void btm_sec_auth_complete (UINT16 handle, UINT8 status)
 return;
 }
- if (!(p_dev_rec->sm4 & BTM_SM4_UPGRADE)) {
- p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED;
- }
+ p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED;
 if (p_dev_rec->pin_code_length >= 16 ||
 p_dev_rec->link_key_type == BTM_LKEY_TYPE_AUTH_COMB ||
diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_link.c b/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
index 4fd64b27f4..34400039cb 100644
--- a/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
+++ b/components/bt/host/bluedroid/stack/l2cap/l2c_link.c
@@ -81,8 +81,7 @@ BOOLEAN l2c_link_hci_conn_req (BD_ADDR bd_addr)
 if (p_lcb_cur->in_use) {
 no_links = FALSE;
- // p_lcb->link_role = HCI_ROLE_MASTER;
- p_lcb->link_role = HCI_ROLE_SLAVE;
+ p_lcb->link_role = HCI_ROLE_MASTER;
 break;
 }
 }
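Review bot: In the btm_acl.c hunk the new `else` branch hangs off an `if` whose condition lies above the hunk, so nothing visible confirms that it runs only when the peer earlier indicated Secure Connections, as the comment claims. The branch also has no `return`, so control continues past the closing braces into the rest of btm_acl_created, which is outside the hunk; if that code issues its own `btm_read_remote_features` for the same handle, the request may be sent twice, which is worth checking. I would name the guarding condition in the comment and fix the "feautres" typo, e.g. `/* Remote features indicated Secure Connections (SC) mode: read them again so an attacker cannot downgrade SC mode (BIAS attack). */`.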
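Review bot: In btm_sec_auth_complete, `BTM_SEC_AUTHENTICATED` is now set even while `BTM_SM4_UPGRADE` is flagged in `p_dev_rec->sm4`, and the hunk gives no reason why the old guard is safe to drop. A link in the middle of a key upgrade would presumably be treated as authenticated as soon as this callback runs; the code that consumes the flag is outside the hunk, so please confirm that is intended. The `return; }` context above suggests failed statuses exit earlier, but that check also starts outside the hunk. A short comment on the new line would record the decision, e.g. `/* set unconditionally, including while an SM4 upgrade is pending */`.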
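Review bot: In l2c_link_hci_conn_req the role stored for an incoming connection while another link is in use flips from `HCI_ROLE_SLAVE` to `HCI_ROLE_MASTER`, with no comment giving the reason. This changes behaviour for every device that accepts a second connection, not only for the attack named in the btm_acl.c comment, so the rationale belongs next to the assignment, e.g. `/* another link is in use: take the master role on the new link */`. Where `link_role` is consumed is outside the hunk, as is the rest of the loop, so whether the peer can still refuse or reverse the role cannot be judged from here.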