Bluetooth: Reject an encryption request when the key isn't found
authorVinicius Costa Gomes <vinicius.gomes@openbossa.org>
Thu, 7 Jul 2011 21:59:37 +0000 (18:59 -0300)
committerJaikumar Ganesh <jaikumar@google.com>
Mon, 11 Jul 2011 18:59:34 +0000 (11:59 -0700)
Now that we have methods for finding keys by their parameters, we can
reject an encryption request if the key isn't found.

Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@openbossa.org>
Signed-off-by: Gustavo F. Padovan <padovan@profusion.mobi>
net/bluetooth/hci_event.c

index ab66838816f974a1164f45528af1dcd323a05b66..883040f972de286860ed01c403d6c45a83e8bab6 100644 (file)
@@ -2860,21 +2860,35 @@ static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
 {
        struct hci_ev_le_ltk_req *ev = (void *) skb->data;
        struct hci_cp_le_ltk_reply cp;
+       struct hci_cp_le_ltk_neg_reply neg;
        struct hci_conn *conn;
+       struct link_key *ltk;
 
        BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
 
        hci_dev_lock(hdev);
 
        conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
+       if (conn == NULL)
+               goto not_found;
 
-       memset(&cp, 0, sizeof(cp));
+       ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
+       if (ltk == NULL)
+               goto not_found;
+
+       memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
        cp.handle = cpu_to_le16(conn->handle);
-       memcpy(cp.ltk, conn->ltk, sizeof(conn->ltk));
 
        hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
 
        hci_dev_unlock(hdev);
+
+       return;
+
+not_found:
+       neg.handle = ev->handle;
+       hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
+       hci_dev_unlock(hdev);
 }
 
 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
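Review bot: The lookup `hci_find_ltk(hdev, ev->ediv, ev->random)` selects the key only by the EDIV and Rand values carried in the event, which originate from the peer's encryption request, and nothing in the hunk ties the returned key to the device behind `conn`. As written, a key stored for one peer could be handed to the controller for a link with a different peer. If `struct link_key` records the peer address (it appears to, as `bdaddr`; its definition is outside this hunk), the check could become `if (ltk == NULL || bacmp(&ltk->bdaddr, &conn->dst)) goto not_found;`. Separately, `memcpy(cp.ltk, ltk->val, sizeof(ltk->val))` sizes the copy by the source, so `sizeof(cp.ltk)` would bound it by the destination now that the `memset` of `cp` has been removed.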