summaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
authorJohan Hedberg <johan.hedberg@intel.com>2015-03-16 17:12:57 +0100
committerMarcel Holtmann <marcel@holtmann.org>2015-03-16 17:17:38 +0100
commita8ca617c1356cafa669dc467a386787cc1d83809 (patch)
tree00b6783816e50b091bb6144525ee1f77a60be0ed /net/bluetooth
parentBluetooth: Fix verifying confirm value when lacking remote OOB data (diff)
downloadlinux-a8ca617c1356cafa669dc467a386787cc1d83809.tar.xz
linux-a8ca617c1356cafa669dc467a386787cc1d83809.zip
Bluetooth: Don't send public key if OOB data verification fails
When we receive the remote public key, if we have remote OOB data there's no point in sending our public key to the remote if the OOB data doesn't match. This patch moves the test for this higher up in the smp_cmd_public_key() function. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/smp.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index de53ba1905fe..82824213d0fb 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2515,6 +2515,16 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
memcpy(smp->remote_pk, key, 64);
+ if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
+ err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
+ smp->rr, 0, cfm.confirm_val);
+ if (err)
+ return SMP_UNSPECIFIED;
+
+ if (memcmp(cfm.confirm_val, smp->pcnf, 16))
+ return SMP_CONFIRM_FAILED;
+ }
+
/* Non-initiating device sends its public key after receiving
* the key from the initiating device.
*/
@@ -2562,16 +2572,6 @@ static int smp_cmd_public_key(struct l2cap_conn *conn, struct sk_buff *skb)
return sc_passkey_round(smp, SMP_CMD_PUBLIC_KEY);
}
- if (test_bit(SMP_FLAG_REMOTE_OOB, &smp->flags)) {
- err = smp_f4(smp->tfm_cmac, smp->remote_pk, smp->remote_pk,
- smp->rr, 0, cfm.confirm_val);
- if (err)
- return SMP_UNSPECIFIED;
-
- if (memcmp(cfm.confirm_val, smp->pcnf, 16))
- return SMP_CONFIRM_FAILED;
- }
-
if (smp->method == REQ_OOB) {
if (hcon->out)
smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM,