Bluetooth: Limit acceptable link key types to only supported ones
authorMarcel Holtmann <marcel@holtmann.org>
Fri, 10 Jan 2014 10:07:25 +0000 (02:07 -0800)
committerJohan Hedberg <johan.hedberg@intel.com>
Thu, 13 Feb 2014 07:51:33 +0000 (09:51 +0200)
The link keys that are loaded by userspace during controller setup
should be limited to actual valid and supported types. With the
support for Secure Connections, it is limited to types 0x00 - 0x08
at the moment. Reject any other link key types.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
net/bluetooth/mgmt.c

index 68a3c998d19c13826feae8684ec43d12d16b3677..9b162038acb72282b872cb761f329eecd2c7b26b 100644 (file)
@@ -2241,7 +2241,7 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
        for (i = 0; i < key_count; i++) {
                struct mgmt_link_key_info *key = &cp->keys[i];
 
-               if (key->addr.type != BDADDR_BREDR)
+               if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
                        return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
                                          MGMT_STATUS_INVALID_PARAMS);
        }