diff options
author | Johan Hedberg <johan.hedberg@intel.com> | 2014-02-28 09:10:16 +0100 |
---|---|---|
committer | Johan Hedberg <johan.hedberg@intel.com> | 2014-02-28 11:36:10 +0100 |
commit | 759331d7cc660be17bcdc5df53f196135f9dfaf6 (patch) | |
tree | 1ee15a589cd278f0ac9451434a962f8a64ca92ee /net/bluetooth | |
parent | Bluetooth: Use __le64 type for LE random numbers (diff) | |
download | linux-759331d7cc660be17bcdc5df53f196135f9dfaf6.tar.xz linux-759331d7cc660be17bcdc5df53f196135f9dfaf6.zip |
Bluetooth: Fix clearing SMP keys if pairing fails
If SMP fails we should not leave any keys (LTKs or IRKs) hanging around
the internal lists. This patch adds the necessary code to
smp_chan_destroy to remove any keys we may have in case of pairing
failure.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/smp.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 99abffcaf16b..f1cb6a32e93f 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -589,6 +589,24 @@ void smp_chan_destroy(struct l2cap_conn *conn) complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); mgmt_smp_complete(conn->hcon, complete); + /* If pairing failed clean up any keys we might have */ + if (!complete) { + if (smp->ltk) { + list_del(&smp->ltk->list); + kfree(smp->ltk); + } + + if (smp->slave_ltk) { + list_del(&smp->slave_ltk->list); + kfree(smp->slave_ltk); + } + + if (smp->remote_irk) { + list_del(&smp->remote_irk->list); + kfree(smp->remote_irk); + } + } + kfree(smp); conn->smp_chan = NULL; conn->hcon->smp_conn = NULL; |