Bluetooth: Fix properly ignoring LTKs of unknown types

In case there are new LTK types in the future we shouldn't just blindly
assume that != MGMT_LTK_UNAUTHENTICATED means that the key is
authenticated. This patch adds explicit checks for each allowed key type
in the form of a switch statement and skips any key which has an unknown
value.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org

diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 5e9c21a5525f445ae7c513a9a175e6337aed3a41..0fce54412ffdc077f6d337eadc4cfbe20b51ed26 100644 (file)
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -4546,10 +4546,16 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
                else
                        type = HCI_SMP_LTK_SLAVE;
 
-               if (key->type == MGMT_LTK_UNAUTHENTICATED)
+               switch (key->type) {
+               case MGMT_LTK_UNAUTHENTICATED:
                        authenticated = 0x00;
-               else
+                       break;
+               case MGMT_LTK_AUTHENTICATED:
                        authenticated = 0x01;
+                       break;
+               default:
+                       continue;
+               }
 
                hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
                            authenticated, key->val, key->enc_size, key->ediv,