diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2018-09-11 07:10:12 -0400 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2018-09-11 07:33:57 -0400 |
| commit | 94f14e4728125f979629b2b020d31cd718191626 (patch) | |
| tree | 4a1d3a89a9d736b27d68266f3056f94ed5078fd0 | |
| parent | 7c5cca3588545e7f255171e28e0dd6e384ebb91d (diff) | |
Bluetooth: SMP: Fix trying to use non-existent local OOB data
A remote device may claim that it has received our OOB data, even
though we never geneated it. Add a new flag to track whether we
actually have OOB data, and ignore the remote peer's flag if haven't
generated OOB data.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
| -rw-r--r-- | net/bluetooth/smp.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index ae91e2d40056..9752879fdd3a 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -83,6 +83,7 @@ enum { | |||
| 83 | 83 | ||
| 84 | struct smp_dev { | 84 | struct smp_dev { |
| 85 | /* Secure Connections OOB data */ | 85 | /* Secure Connections OOB data */ |
| 86 | bool local_oob; | ||
| 86 | u8 local_pk[64]; | 87 | u8 local_pk[64]; |
| 87 | u8 local_rand[16]; | 88 | u8 local_rand[16]; |
| 88 | bool debug_key; | 89 | bool debug_key; |
| @@ -599,6 +600,8 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) | |||
| 599 | 600 | ||
| 600 | memcpy(rand, smp->local_rand, 16); | 601 | memcpy(rand, smp->local_rand, 16); |
| 601 | 602 | ||
| 603 | smp->local_oob = true; | ||
| 604 | |||
| 602 | return 0; | 605 | return 0; |
| 603 | } | 606 | } |
| 604 | 607 | ||
| @@ -1785,7 +1788,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 1785 | * successfully received our local OOB data - therefore set the | 1788 | * successfully received our local OOB data - therefore set the |
| 1786 | * flag to indicate that local OOB is in use. | 1789 | * flag to indicate that local OOB is in use. |
| 1787 | */ | 1790 | */ |
| 1788 | if (req->oob_flag == SMP_OOB_PRESENT) | 1791 | if (req->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob) |
| 1789 | set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); | 1792 | set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); |
| 1790 | 1793 | ||
| 1791 | /* SMP over BR/EDR requires special treatment */ | 1794 | /* SMP over BR/EDR requires special treatment */ |
| @@ -1967,7 +1970,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) | |||
| 1967 | * successfully received our local OOB data - therefore set the | 1970 | * successfully received our local OOB data - therefore set the |
| 1968 | * flag to indicate that local OOB is in use. | 1971 | * flag to indicate that local OOB is in use. |
| 1969 | */ | 1972 | */ |
| 1970 | if (rsp->oob_flag == SMP_OOB_PRESENT) | 1973 | if (rsp->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob) |
| 1971 | set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); | 1974 | set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags); |
| 1972 | 1975 | ||
| 1973 | smp->prsp[0] = SMP_CMD_PAIRING_RSP; | 1976 | smp->prsp[0] = SMP_CMD_PAIRING_RSP; |
| @@ -3230,6 +3233,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) | |||
| 3230 | return ERR_CAST(tfm_ecdh); | 3233 | return ERR_CAST(tfm_ecdh); |
| 3231 | } | 3234 | } |
| 3232 | 3235 | ||
| 3236 | smp->local_oob = false; | ||
| 3233 | smp->tfm_aes = tfm_aes; | 3237 | smp->tfm_aes = tfm_aes; |
| 3234 | smp->tfm_cmac = tfm_cmac; | 3238 | smp->tfm_cmac = tfm_cmac; |
| 3235 | smp->tfm_ecdh = tfm_ecdh; | 3239 | smp->tfm_ecdh = tfm_ecdh; |