Bluetooth: Fix properly ignoring LTKs of unknown types

In case there are new LTK types in the future we shouldn't just blindly assume that != MGMT_LTK_UNAUTHENTICATED means that the key is authenticated. This patch adds explicit checks for each allowed key type in the form of a switch statement and skips any key which has an unknown value. Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org

Bluetooth: Fix properly ignoring LTKs of unknown types
In case there are new LTK types in the future we shouldn't just blindly assume that != MGMT_LTK_UNAUTHENTICATED means that the key is authenticated. This patch adds explicit checks for each allowed key type in the form of a switch statement and skips any key which has an unknown value. Signed-off-by: N Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: N Marcel Holtmann <marcel@holtmann.org> Cc: stable@vger.kernel.org
61b43357 · Johan Hedberg · Marcel Holtmann · 3abb56de · 61b43357
隐藏空白更改
内联并排

Showing with 8 addition and 2 deletion

net/bluetooth/mgmt.c net/bluetooth/mgmt.c +8 -2

未找到文件。
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -4546,10 +4546,16 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
 		else
 			type = HCI_SMP_LTK_SLAVE;

-		if (key->type == MGMT_LTK_UNAUTHENTICATED)
+		switch (key->type) {
+		case MGMT_LTK_UNAUTHENTICATED:
 			authenticated = 0x00;
-		else
+			break;
+		case MGMT_LTK_AUTHENTICATED:
 			authenticated = 0x01;
+			break;
+		default:
+			continue;
+		}

 		hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
 			    authenticated, key->val, key->enc_size, key->ediv,