Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a56c9db5 authored by Andre Eisenbach's avatar Andre Eisenbach
Browse files

Add explicit sec_act parameter to encryption requests 

This avoids de-referencing a potentially NULL pointer (p_ref_data) and
also makes the use of the parameter more obvious.

Also added NULL check before invoking security callback.

Bug: 26792899
Change-Id: I6613c9c2706f1d460ab39421a967d79c59ad0fde
parent 2dd63726

system/bta/dm/bta_dm_act.c

+1 −1
Original line number Diff line number Diff line
@@ -4383,7 +4383,7 @@ void bta_dm_set_encryption (tBTA_DM_MSG *p_data) 
        }



        if (BTM_SetEncryption(p_data->set_encryption.bd_addr, p_data->set_encryption.transport,

                                           bta_dm_encrypt_cback, &p_data->set_encryption.sec_act)

                              bta_dm_encrypt_cback, NULL, p_data->set_encryption.sec_act)

                              == BTM_CMD_STARTED)

        {

            bta_dm_cb.device_list.peer_device[i].p_encrypt_cback = p_data->set_encryption.p_callback;

system/bta/hh/bta_hh_le.c

+2 −2
Original line number Diff line number Diff line
@@ -1413,7 +1413,7 @@ void bta_hh_start_security(tBTA_HH_DEV_CB *p_cb, tBTA_HH_DATA *p_buf) 
    {

        sec_flag = BTM_BLE_SEC_ENCRYPT;

        p_cb->status = BTA_HH_ERR_AUTH_FAILED;

        BTM_SetEncryption(p_cb->addr, BTA_TRANSPORT_LE, bta_hh_le_encrypt_cback, &sec_flag);

        BTM_SetEncryption(p_cb->addr, BTA_TRANSPORT_LE, bta_hh_le_encrypt_cback, NULL, sec_flag);

    }

    /* unbonded device, report security error here */

    else if (p_cb->sec_mask != BTA_SEC_NONE)
@@ -1421,7 +1421,7 @@ void bta_hh_start_security(tBTA_HH_DEV_CB *p_cb, tBTA_HH_DATA *p_buf) 
        sec_flag = BTM_BLE_SEC_ENCRYPT_NO_MITM;

        p_cb->status = BTA_HH_ERR_AUTH_FAILED;

        bta_hh_clear_service_cache(p_cb);

        BTM_SetEncryption(p_cb->addr, BTA_TRANSPORT_LE, bta_hh_le_encrypt_cback, &sec_flag);

        BTM_SetEncryption(p_cb->addr, BTA_TRANSPORT_LE, bta_hh_le_encrypt_cback, NULL, sec_flag);

    }

    /* otherwise let it go through */

    else

system/bta/include/bta_api.h

+1 −1
Original line number Diff line number Diff line
@@ -1070,13 +1070,13 @@ typedef void (tBTA_DM_EXEC_CBACK) (void * p_param); 
/* Encryption callback*/

typedef void (tBTA_DM_ENCRYPT_CBACK) (BD_ADDR bd_addr, tBTA_TRANSPORT transport, tBTA_STATUS result);



#if BLE_INCLUDED == TRUE

#define BTA_DM_BLE_SEC_NONE         BTM_BLE_SEC_NONE

#define BTA_DM_BLE_SEC_ENCRYPT      BTM_BLE_SEC_ENCRYPT

#define BTA_DM_BLE_SEC_NO_MITM      BTM_BLE_SEC_ENCRYPT_NO_MITM

#define BTA_DM_BLE_SEC_MITM         BTM_BLE_SEC_ENCRYPT_MITM

typedef tBTM_BLE_SEC_ACT            tBTA_DM_BLE_SEC_ACT;



#if BLE_INCLUDED == TRUE

typedef tBTM_BLE_TX_TIME_MS         tBTA_DM_BLE_TX_TIME_MS;

typedef tBTM_BLE_RX_TIME_MS         tBTA_DM_BLE_RX_TIME_MS;

typedef tBTM_BLE_IDLE_TIME_MS       tBTA_DM_BLE_IDLE_TIME_MS;

system/stack/btm/btm_ble.c

+1 −2
Original line number Diff line number Diff line
@@ -1274,10 +1274,9 @@ void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE 
**                  the local device ER is copied into er

**

*******************************************************************************/

tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role)

tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, UINT8 link_role)

{

    tBTM_STATUS         cmd = BTM_NO_RESOURCES;

    tBTM_BLE_SEC_ACT    sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ;

    tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bd_addr);

    tBTM_BLE_SEC_REQ_ACT sec_req_act;

    tBTM_LE_AUTH_REQ    auth_req;

system/stack/btm/btm_ble_int.h

+1 −1
Original line number Diff line number Diff line
@@ -384,7 +384,7 @@ extern void btm_ble_create_ll_conn_complete (UINT8 status); 
extern void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act);

extern void btm_ble_ltk_request_reply(BD_ADDR bda,  BOOLEAN use_stk, BT_OCTET16 stk);

extern UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data);

extern tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role);

extern tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, UINT8 link_role);

extern void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv);

extern tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk);

extern void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable);