From aacfafc3aca3af89dc6537f728b4be2024e8251c Mon Sep 17 00:00:00 2001
From: Matthias Ringwald
Date: Mon, 26 Nov 2018 20:19:47 +0100
Subject: [PATCH] sm: ignore Slave Security Request after sending own Pairing Request
---
 CHANGELOG.md | 1 +
 src/ble/sm.c | 9 +++++++++
 2 files changed, 10 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 137513089..72062e2ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - SM: prevent random address updates if gap_random_address_set was used
 - SM: fix internal buffer overrun that can cause storing of bonding information to fail
+- SM: ignore Slave Security Request after sending own Pairing Request
 - L2CAP: fix use after free on disconnect if ERTM is enabled
 - Memory Pools: clear all buffers before use
 
diff --git a/src/ble/sm.c b/src/ble/sm.c
index acc9e99c3..bfeed8023 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -3277,6 +3277,15 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
 break;
 
 case SM_INITIATOR_PH1_W4_PAIRING_RESPONSE:
+ // Core 5, Vol 3, Part H, 2.4.6:
+ // "The master shall ignore the slave’s Security Request if the master has sent a Pairing Request
+ // without receiving a Pairing Response from the slave or if the master has initiated encryption mode setup."
+ if (sm_pdu_code == SM_CODE_SECURITY_REQUEST){
+ log_info("Ignoring Security Request");
+ break;
+ }
+
+ // all other pdus are incorrect
 if (sm_pdu_code != SM_CODE_PAIRING_RESPONSE){
 sm_pdu_received_in_wrong_state(sm_conn);
 break;
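Review bot: The quoted rule has two conditions, but the new check in `case SM_INITIATOR_PH1_W4_PAIRING_RESPONSE` covers only the first one (Pairing Request sent, no Pairing Response yet). The second condition, "the master has initiated encryption mode setup", is not handled in this hunk. `sm_pdu_handler` starts and ends outside the hunk, so I cannot see whether the states entered after encryption is started still route a Security Request to `sm_pdu_received_in_wrong_state(sm_conn)`; if they do, a stray or malicious Security Request from the peer could still abort an ongoing security procedure, so those cases need the same check. The log line would also be easier to correlate during triage if it named the connection, e.g. `log_info("Ignoring Security Request, handle 0x%04x", con_handle);`.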