From: Marcel Holtmann Date: Fri, 10 Jan 2014 10:07:25 +0000 (-0800) Subject: Bluetooth: Limit acceptable link key types to only supported ones X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8e99113277fb9f7b8b28fbcc866a359d2fa1ba41;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git Bluetooth: Limit acceptable link key types to only supported ones The link keys that are loaded by userspace during controller setup should be limited to actual valid and supported types. With the support for Secure Connections, it is limited to types 0x00 - 0x08 at the moment. Reject any other link key types. Signed-off-by: Marcel Holtmann Signed-off-by: Johan Hedberg --- diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 68a3c998d19c..9b162038acb7 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -2241,7 +2241,7 @@ static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data, for (i = 0; i < key_count; i++) { struct mgmt_link_key_info *key = &cp->keys[i]; - if (key->addr.type != BDADDR_BREDR) + if (key->addr.type != BDADDR_BREDR || key->type > 0x08) return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, MGMT_STATUS_INVALID_PARAMS); }