summaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorJohan Hedberg <johan.hedberg@intel.com>2014-02-28 09:10:16 +0100
committerJohan Hedberg <johan.hedberg@intel.com>2014-02-28 11:36:10 +0100
commit759331d7cc660be17bcdc5df53f196135f9dfaf6 (patch)
tree1ee15a589cd278f0ac9451434a962f8a64ca92ee /net/bluetooth
parentBluetooth: Use __le64 type for LE random numbers (diff)
downloadlinux-759331d7cc660be17bcdc5df53f196135f9dfaf6.tar.xz
linux-759331d7cc660be17bcdc5df53f196135f9dfaf6.zip
Bluetooth: Fix clearing SMP keys if pairing fails
If SMP fails we should not leave any keys (LTKs or IRKs) hanging around the internal lists. This patch adds the necessary code to smp_chan_destroy to remove any keys we may have in case of pairing failure. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/smp.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 99abffcaf16b..f1cb6a32e93f 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -589,6 +589,24 @@ void smp_chan_destroy(struct l2cap_conn *conn)
complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
mgmt_smp_complete(conn->hcon, complete);
+ /* If pairing failed clean up any keys we might have */
+ if (!complete) {
+ if (smp->ltk) {
+ list_del(&smp->ltk->list);
+ kfree(smp->ltk);
+ }
+
+ if (smp->slave_ltk) {
+ list_del(&smp->slave_ltk->list);
+ kfree(smp->slave_ltk);
+ }
+
+ if (smp->remote_irk) {
+ list_del(&smp->remote_irk->list);
+ kfree(smp->remote_irk);
+ }
+ }
+
kfree(smp);
conn->smp_chan = NULL;
conn->hcon->smp_conn = NULL;