Fix race condition when generating OOB data

costanic · costanic · commit 55507eaf7527 · 2019-01-11T08:54:30.000-06:00
The GenericSecurityManager tracks the most recent OOB data generated
by the PAL and the PAL function to generate OOB data is expected to
be asynchronous such that the OOB data is returned via a callback.

There was a race condition on the security manager's oob data variable
because it was cleared (set to all zeros) after calling PAL generate.
The expectation was that the clear operation would occur before the
callback executed, but this is proving to not be the case.  Instead,
the callback is being executed as if it were syncronous with PAL
generate, then PAL generate returns and the oob data is cleared,
thereby losing the generated oob data that was set in the callback.

To fix the issue, clear the oob data variables before calling into
the PAL.
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -653,14 +653,20 @@ ble_error_t GenericSecurityManager::generateOOB(
     /* Secure connections. Avoid generating if we're already waiting for it.
      * If a local random is set to 0 it means we're already calculating. */
     if (!is_all_zeros(_oob_local_random)) {
-        status = _pal.generate_secure_connections_oob();
+        /* save the current values in case the call to
+         * generate_secure_connections_oob fails */
+        address_t orig_local_address = _oob_local_address;
+        oob_lesc_value_t orig_local_random = _oob_local_random;
+
+        _oob_local_address = *address;
+        /* this will be updated when calculation completes,
+         * a value of all zeros is an invalid random value */
+        set_all_zeros(_oob_local_random);
 
-        if (status == BLE_ERROR_NONE) {
-            _oob_local_address = *address;
-            /* this will be updated when calculation completes,
-             * a value of all zeros is an invalid random value */
-            set_all_zeros(_oob_local_random);
-        } else if (status != BLE_ERROR_NOT_IMPLEMENTED) {
+        status = _pal.generate_secure_connections_oob();
+        if (status != BLE_ERROR_NONE && status != BLE_ERROR_NOT_IMPLEMENTED) {
+            _oob_local_address = orig_local_address;
+            _oob_local_random = orig_local_random;
             return status;
         }
     } else {
