Skip to content

Commit 1e9683c

Browse files
VudentzVudentz
committed
Bluetooth: MGMT: Ignore keys being loaded with invalid type
Due to 59b047b there could be keys stored with the wrong address type so this attempt to detect it and ignore them instead of just failing to load all keys. Cc: [email protected] Link: bluez/bluez#875 Fixes: 59b047b ("Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE") Signed-off-by: Luiz Augusto von Dentz <[email protected]>
1 parent 532f8bc commit 1e9683c

File tree

1 file changed

+19
-18
lines changed

1 file changed

+19
-18
lines changed

net/bluetooth/mgmt.c

Lines changed: 19 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -2830,15 +2830,6 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
28302830
bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
28312831
key_count);
28322832

2833-
for (i = 0; i < key_count; i++) {
2834-
struct mgmt_link_key_info *key = &cp->keys[i];
2835-
2836-
if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
2837-
return mgmt_cmd_status(sk, hdev->id,
2838-
MGMT_OP_LOAD_LINK_KEYS,
2839-
MGMT_STATUS_INVALID_PARAMS);
2840-
}
2841-
28422833
hci_dev_lock(hdev);
28432834

28442835
hci_link_keys_clear(hdev);
@@ -2863,6 +2854,19 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
28632854
continue;
28642855
}
28652856

2857+
if (key->addr.type != BDADDR_BREDR) {
2858+
bt_dev_warn(hdev,
2859+
"Invalid link address type %u for %pMR",
2860+
key->addr.type, &key->addr.bdaddr);
2861+
continue;
2862+
}
2863+
2864+
if (key->type > 0x08) {
2865+
bt_dev_warn(hdev, "Invalid link key type %u for %pMR",
2866+
key->type, &key->addr.bdaddr);
2867+
continue;
2868+
}
2869+
28662870
/* Always ignore debug keys and require a new pairing if
28672871
* the user wants to use them.
28682872
*/
@@ -7163,15 +7167,6 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
71637167

71647168
bt_dev_dbg(hdev, "key_count %u", key_count);
71657169

7166-
for (i = 0; i < key_count; i++) {
7167-
struct mgmt_ltk_info *key = &cp->keys[i];
7168-
7169-
if (!ltk_is_valid(key))
7170-
return mgmt_cmd_status(sk, hdev->id,
7171-
MGMT_OP_LOAD_LONG_TERM_KEYS,
7172-
MGMT_STATUS_INVALID_PARAMS);
7173-
}
7174-
71757170
hci_dev_lock(hdev);
71767171

71777172
hci_smp_ltks_clear(hdev);
@@ -7188,6 +7183,12 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
71887183
continue;
71897184
}
71907185

7186+
if (!ltk_is_valid(key)) {
7187+
bt_dev_warn(hdev, "Invalid LTK for %pMR",
7188+
&key->addr.bdaddr);
7189+
continue;
7190+
}
7191+
71917192
switch (key->type) {
71927193
case MGMT_LTK_UNAUTHENTICATED:
71937194
authenticated = 0x00;

0 commit comments

Comments
 (0)