Bluetooth: Disallow LE local out-of-band data when LE privacy is used

When the LE pivacy feature is used, then pairing has to happen based on resolvable random addresses (RPA), but currently there is no clean way to retrieve the correct RPA. So instead of returning an outdated RPA, just disallow this command when LE privacy is in use. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
author: Marcel Holtmann <marcel@holtmann.org> 2015-04-02 15:00:58 -0400
committer: Johan Hedberg <johan.hedberg@intel.com> 2015-04-02 15:18:58 -0400
commit: e213568ad6b06ac828fe2a050fe4ec7b69f09f37 (patch)
tree: 38de9e06934e8ba3bcc2c26d1db0e7dff7cad63e
parent: 1b9441f8ec426223f6f54f2af10ee01c8b743e5b (diff)
1 files changed, 19 insertions, 6 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index bb0c53ac4c66..20a7765680df 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -6526,13 +6526,26 @@ static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
                        goto complete;
                }
+                /* This should return the active RPA, but since the RPA
+                 * is only programmed on demand, it is really hard to fill
+                 * this in at the moment. For now disallow retrieving
+                 * local out-of-band data when privacy is in use.
+                 *
+                 * Returning the identity address will not help here since
+                 * pairing happens before the identity resolving key is
+                 * known and thus the connection establishment happens
+                 * based on the RPA and not the identity address.
+                 */
                if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
-                        memcpy(addr, &hdev->rpa, 6);
+                        hci_dev_unlock(hdev);
-                        addr[6] = 0x01;
+                        status = MGMT_STATUS_REJECTED;
-                } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
+                        goto complete;
-                           !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
+                }
-                           (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
-                            bacmp(&hdev->static_addr, BDADDR_ANY))) {
+                if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
+                   !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
+                   (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
+                    bacmp(&hdev->static_addr, BDADDR_ANY))) {
                        memcpy(addr, &hdev->static_addr, 6);
                        addr[6] = 0x01;
                } else {
author	Marcel Holtmann <marcel@holtmann.org>	2015-04-02 15:00:58 -0400
committer	Johan Hedberg <johan.hedberg@intel.com>	2015-04-02 15:18:58 -0400
commit	e213568ad6b06ac828fe2a050fe4ec7b69f09f37 (patch)
tree	38de9e06934e8ba3bcc2c26d1db0e7dff7cad63e
parent	1b9441f8ec426223f6f54f2af10ee01c8b743e5b (diff)

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index bb0c53ac4c66..20a7765680df 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c
@@ -6526,13 +6526,26 @@ static int read_local_oob_ext_data(struct sock sk, struct hci_dev hdev,
6526	goto complete;	6526	goto complete;
6527	}	6527	}
6528		6528
		6529	/* This should return the active RPA, but since the RPA
		6530	* is only programmed on demand, it is really hard to fill
		6531	* this in at the moment. For now disallow retrieving
		6532	* local out-of-band data when privacy is in use.
		6533	*
		6534	* Returning the identity address will not help here since
		6535	* pairing happens before the identity resolving key is
		6536	* known and thus the connection establishment happens
		6537	* based on the RPA and not the identity address.
		6538	*/
6529	if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {	6539	if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6530	memcpy(addr, &hdev->rpa, 6);	6540	hci_dev_unlock(hdev);
6531	addr[6] = 0x01;	6541	status = MGMT_STATUS_REJECTED;
6532	} else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) \|\|	6542	goto complete;
6533	!bacmp(&hdev->bdaddr, BDADDR_ANY) \|\|	6543	}
6534	(!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&	6544
6535	bacmp(&hdev->static_addr, BDADDR_ANY))) {	6545	if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) \|\|
		6546	!bacmp(&hdev->bdaddr, BDADDR_ANY) \|\|
		6547	(!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
		6548	bacmp(&hdev->static_addr, BDADDR_ANY))) {
6536	memcpy(addr, &hdev->static_addr, 6);	6549	memcpy(addr, &hdev->static_addr, 6);
6537	addr[6] = 0x01;	6550	addr[6] = 0x01;
6538	} else {	6551	} else {