Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 94f14e47 authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann
Browse files

Bluetooth: SMP: Fix trying to use non-existent local OOB data 



A remote device may claim that it has received our OOB data, even
though we never geneated it. Add a new flag to track whether we
actually have OOB data, and ignore the remote peer's flag if haven't
generated OOB data.

Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 7c5cca35

net/bluetooth/smp.c

+6 −2
Original line number Original line Diff line number Diff line
@@ -83,6 +83,7 @@ enum { 




struct smp_dev {

struct smp_dev {

	/* Secure Connections OOB data */

	/* Secure Connections OOB data */

	bool			local_oob;

	u8			local_pk[64];

	u8			local_pk[64];

	u8			local_rand[16];

	u8			local_rand[16];

	bool			debug_key;

	bool			debug_key;
@@ -599,6 +600,8 @@ int smp_generate_oob(struct hci_dev *hdev, u8 hash[16], u8 rand[16]) 




	memcpy(rand, smp->local_rand, 16);

	memcpy(rand, smp->local_rand, 16);





	smp->local_oob = true;



	return 0;

	return 0;

}

}
@@ -1785,7 +1788,7 @@ static u8 smp_cmd_pairing_req(struct l2cap_conn *conn, struct sk_buff *skb) 
	 * successfully received our local OOB data - therefore set the

	 * successfully received our local OOB data - therefore set the

	 * flag to indicate that local OOB is in use.

	 * flag to indicate that local OOB is in use.

	 */

	 */

	if (req->oob_flag == SMP_OOB_PRESENT)

	if (req->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)

		set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);

		set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);





	/* SMP over BR/EDR requires special treatment */

	/* SMP over BR/EDR requires special treatment */
@@ -1967,7 +1970,7 @@ static u8 smp_cmd_pairing_rsp(struct l2cap_conn *conn, struct sk_buff *skb) 
	 * successfully received our local OOB data - therefore set the

	 * successfully received our local OOB data - therefore set the

	 * flag to indicate that local OOB is in use.

	 * flag to indicate that local OOB is in use.

	 */

	 */

	if (rsp->oob_flag == SMP_OOB_PRESENT)

	if (rsp->oob_flag == SMP_OOB_PRESENT && SMP_DEV(hdev)->local_oob)

		set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);

		set_bit(SMP_FLAG_LOCAL_OOB, &smp->flags);





	smp->prsp[0] = SMP_CMD_PAIRING_RSP;

	smp->prsp[0] = SMP_CMD_PAIRING_RSP;
@@ -3230,6 +3233,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid) 
		return ERR_CAST(tfm_ecdh);

		return ERR_CAST(tfm_ecdh);

	}

	}





	smp->local_oob = false;

	smp->tfm_aes = tfm_aes;

	smp->tfm_aes = tfm_aes;

	smp->tfm_cmac = tfm_cmac;

	smp->tfm_cmac = tfm_cmac;

	smp->tfm_ecdh = tfm_ecdh;

	smp->tfm_ecdh = tfm_ecdh;