* [PATCH 1/2] Bluetooth: Remove a magic number @ 2011-06-01 15:28 Waldemar Rymarkiewicz 2011-06-01 15:28 ` [PATCH 2/2] Bluetooth: Verify a pin code in pin_code_reply Waldemar Rymarkiewicz 2011-06-01 19:56 ` [PATCH 1/2] Bluetooth: Remove a magic number Gustavo F. Padovan 0 siblings, 2 replies; 5+ messages in thread From: Waldemar Rymarkiewicz @ 2011-06-01 15:28 UTC (permalink / raw) To: linux-bluetooth; +Cc: padovan, Johan Hedberg, Waldemar Rymarkiewicz Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> --- net/bluetooth/mgmt.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index fe835b8..78d1a5f 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -1143,7 +1143,7 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, bacpy(&reply.bdaddr, &cp->bdaddr); reply.pin_len = cp->pin_len; - memcpy(reply.pin_code, cp->pin_code, 16); + memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code)); err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply); if (err < 0) -- 1.7.4.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
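Review bot: in the pin_code_reply hunk, `sizeof(reply.pin_code)` bounds the copy by the destination only, while the source `cp->pin_code` belongs to a different struct filled from a userspace mgmt command, and nothing in the visible lines ties the two sizes together. A `BUILD_BUG_ON(sizeof(cp->pin_code) != sizeof(reply.pin_code))` next to the memcpy would make that assumption explicit and catch a later change to either struct. The line above it, `reply.pin_len = cp->pin_len;`, forwards the length with no range check in the visible context, which is worth confirming while touching this spot. The commit message also has no body; one sentence saying that 16 was the size of the pin_code array would help readers of the log.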
* [PATCH 2/2] Bluetooth: Verify a pin code in pin_code_reply 2011-06-01 15:28 [PATCH 1/2] Bluetooth: Remove a magic number Waldemar Rymarkiewicz @ 2011-06-01 15:28 ` Waldemar Rymarkiewicz 2011-06-01 20:51 ` Gustavo F. Padovan 2011-06-01 19:56 ` [PATCH 1/2] Bluetooth: Remove a magic number Gustavo F. Padovan 1 sibling, 1 reply; 5+ messages in thread From: Waldemar Rymarkiewicz @ 2011-06-01 15:28 UTC (permalink / raw) To: linux-bluetooth; +Cc: padovan, Johan Hedberg, Waldemar Rymarkiewicz As we cannot relay on a userspace mgmt api implementation we should verify if pin_code_reply in fact contains the secure pin code. If userspace replied with unsecure pincode when secure was required we will send pin_code_neg_reply to the controller. Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> --- net/bluetooth/mgmt.c | 50 +++++++++++++++++++++++++++++++++++++++----------- 1 files changed, 39 insertions(+), 11 deletions(-) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index 78d1a5f..7cdf606 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -1108,11 +1108,32 @@ unlock: return err; } +static int send_pin_code_neg_reply(struct sock *sk, u16 index, + struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) +{ + struct pending_cmd *cmd; + int err; + + cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, + sizeof(*cp)); + if (!cmd) + return -ENOMEM; + + err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), + &cp->bdaddr); + if (err < 0) + mgmt_pending_remove(cmd); + + return err; +} + static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, u16 len) { struct hci_dev *hdev; + struct hci_conn *conn; struct mgmt_cp_pin_code_reply *cp; + struct mgmt_cp_pin_code_neg_reply ncp; struct hci_cp_pin_code_reply reply; struct pending_cmd *cmd; int err; 
@@ -1135,6 +1156,23 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, goto failed; } + conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); + if (!conn) { + err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); + goto failed; + } + + if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { + bacpy(&ncp.bdaddr, &cp->bdaddr); + + err = send_pin_code_neg_reply(sk, index, hdev, &ncp); + if (err >= 0) + err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, + EINVAL); + + goto failed; + } + cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, index, data, len); if (!cmd) { err = -ENOMEM; @@ -1185,17 +1223,7 @@ static int pin_code_neg_reply(struct sock *sk, u16 index, unsigned char *data, goto failed; } - cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, - data, len); - if (!cmd) { - err = -ENOMEM; - goto failed; - } - - err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), - &cp->bdaddr); - if (err < 0) - mgmt_pending_remove(cmd); + err = send_pin_code_neg_reply(sk, index, hdev, cp); failed: hci_dev_unlock(hdev); -- 1.7.4.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
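Review bot: in the first hunk (@@ -1108,11 +1108,32 @@), `ncp` is declared on the stack in pin_code_reply without an initialiser, and the later hunk fills in only `ncp.bdaddr` before `send_pin_code_neg_reply()` passes it to `mgmt_pending_add()` with `sizeof(*cp)`. If struct mgmt_cp_pin_code_neg_reply has, or later gains, anything besides bdaddr, uninitialised stack bytes are handed to the pending command; zero-initialise `ncp` at its declaration so the helper never depends on the struct layout.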
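Review bot: the length test in the second hunk (@@ -1135,6 +1156,23 @@), `cp->pin_len != 16`, brings back a bare 16 in the same function that patch 1/2 just cleaned up; a named constant for the secure PIN length would say what is being enforced. In the same branch, a successful `send_pin_code_neg_reply()` leaves a MGMT_OP_PIN_CODE_NEG_REPLY entry pending for `sk` while the caller is answered with an EINVAL status for MGMT_OP_PIN_CODE_REPLY, so when that entry completes the socket may receive a result for a command it never issued. Either skip the pending entry on this path or document the double response, and log the rejection so a failed pairing can be traced to this check.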
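Review bot: the third hunk (@@ -1185,17 +1223,7 @@) removes every use of `cmd` shown in pin_code_neg_reply, so the function's local `struct pending_cmd *cmd` declaration, if it is still there, becomes an unused variable and should be dropped in this same patch. With the helper call in place, `failed:` is also reached on the success path; that matches the existing pattern but is worth a glance to confirm nothing between the call and the label assumes an error.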
* Re: [PATCH 2/2] Bluetooth: Verify a pin code in pin_code_reply 2011-06-01 15:28 ` [PATCH 2/2] Bluetooth: Verify a pin code in pin_code_reply Waldemar Rymarkiewicz @ 2011-06-01 20:51 ` Gustavo F. Padovan 2011-06-02 8:27 ` Waldemar.Rymarkiewicz 0 siblings, 1 reply; 5+ messages in thread From: Gustavo F. Padovan @ 2011-06-01 20:51 UTC (permalink / raw) To: Waldemar Rymarkiewicz; +Cc: linux-bluetooth, Johan Hedberg Hi Waldemar, * Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> [2011-06-01 17:28:48 +0200]: > As we cannot relay on a userspace mgmt api implementation we should verify > if pin_code_reply in fact contains the secure pin code. > > If userspace replied with unsecure pincode when secure was required we will > send pin_code_neg_reply to the controller. > > Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> > --- > net/bluetooth/mgmt.c | 50 +++++++++++++++++++++++++++++++++++++++----------- > 1 files changed, 39 insertions(+), 11 deletions(-) Applied, but... > > diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c > index 78d1a5f..7cdf606 100644 > --- a/net/bluetooth/mgmt.c > +++ b/net/bluetooth/mgmt.c 
> @@ -1108,11 +1108,32 @@ unlock: > return err; > } > > +static int send_pin_code_neg_reply(struct sock *sk, u16 index, > + struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp) > +{ > + struct pending_cmd *cmd; > + int err; > + > + cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, index, cp, > + sizeof(*cp)); > + if (!cmd) > + return -ENOMEM; > + > + err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY, sizeof(cp->bdaddr), > + &cp->bdaddr); > + if (err < 0) > + mgmt_pending_remove(cmd); > + > + return err; > +} > + > static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, > u16 len) > { > struct hci_dev *hdev; > + struct hci_conn *conn; > struct mgmt_cp_pin_code_reply *cp; > + struct mgmt_cp_pin_code_neg_reply ncp; > struct hci_cp_pin_code_reply reply; > struct pending_cmd *cmd; please pay more attention on the compiler warnings. cmd is unused here. I fixed it up. > int err; > @@ -1135,6 +1156,23 @@ static int pin_code_reply(struct sock *sk, u16 index, unsigned char *data, > goto failed; > } > > + conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr); > + if (!conn) { > + err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY, ENOTCONN); > + goto failed; > + } > + > + if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) { > + bacpy(&ncp.bdaddr, &cp->bdaddr); > + And I added a error messages here (suggestion from Johan) -- Gustavo F. Padovan http://profusion.mobi ^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH 2/2] Bluetooth: Verify a pin code in pin_code_reply 2011-06-01 20:51 ` Gustavo F. Padovan @ 2011-06-02 8:27 ` Waldemar.Rymarkiewicz 0 siblings, 0 replies; 5+ messages in thread From: Waldemar.Rymarkiewicz @ 2011-06-02 8:27 UTC (permalink / raw) To: padovan; +Cc: linux-bluetooth, johan.hedberg Hi Gustavo, >> struct hci_dev *hdev; >> + struct hci_conn *conn; >> struct mgmt_cp_pin_code_reply *cp; >> + struct mgmt_cp_pin_code_neg_reply ncp; >> struct hci_cp_pin_code_reply reply; >> struct pending_cmd *cmd; > >please pay more attention on the compiler warnings. cmd is >unused here. I fixed it up. Right, but gcc 4.5 doesn't show me that. Will update to 4.6 then. Thanks, Waldek ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] Bluetooth: Remove a magic number
From: Gustavo F. Padovan @ 2011-06-01 19:56 UTC
To: Waldemar Rymarkiewicz; +Cc: linux-bluetooth, Johan Hedberg

* Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com> [2011-06-01 17:28:47 +0200]:
> Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>
> ---
> net/bluetooth/mgmt.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)

Applied, thanks.

- Gustavo F. Padovan
http://profusion.mobi