Commit 61b43357 authored May 29, 2014 by Johan Hedberg Committed by Marcel Holtmann May 30, 2014

Bluetooth: Fix properly ignoring LTKs of unknown types



In case there are new LTK types in the future we shouldn't just blindly
assume that != MGMT_LTK_UNAUTHENTICATED means that the key is
authenticated. This patch adds explicit checks for each allowed key type
in the form of a switch statement and skips any key which has an unknown
value.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org

parent 3abb56de

net/bluetooth/mgmt.c

+8 −2

Original line number	Diff line number	Diff line
		@@ -4546,10 +4546,16 @@ static int load_long_term_keys(struct sock sk, struct hci_dev hdev,
		else
		type = HCI_SMP_LTK_SLAVE;

		if (key->type == MGMT_LTK_UNAUTHENTICATED)
		switch (key->type) {
		case MGMT_LTK_UNAUTHENTICATED:
		authenticated = 0x00;
		else
		break;
		case MGMT_LTK_AUTHENTICATED:
		authenticated = 0x01;
		break;
		default:
		continue;
		}

		hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
		authenticated, key->val, key->enc_size, key->ediv,