Bluetooth: Fix checking for proper key->master value in Load LTKs

The allowed values for the key->master parameter in the Load LTKs command are 0x00 and 0x01. If there is a key in the list with some other value the command should fail with a proper invalid params response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
author: Johan Hedberg <johan.hedberg@intel.com> 2013-01-20 14:27:15 +0200
committer: Gustavo Padovan <gustavo.padovan@collabora.co.uk> 2013-01-23 01:54:09 -0200
commit: 54ad6d8a5afe1a6d162d8d229a3d8fc48b254d24 (patch)
tree: f636430077b38a32b03e1c2c382297634dbc9d44 /net/bluetooth
parent: e57e619f463e7841940ef1b98969e23f71f5ee8a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a050eee61623..c7ec47ce94e5 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -2721,6 +2721,15 @@ static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
 
 	BT_DBG("%s key_count %u", hdev->name, key_count);
 
+	for (i = 0; i < key_count; i++) {
+		struct mgmt_ltk_info *key = &cp->keys[i];
+
+		if (key->master != 0x00 && key->master != 0x01)
+			return cmd_status(sk, hdev->id,
+					  MGMT_OP_LOAD_LONG_TERM_KEYS,
+					  MGMT_STATUS_INVALID_PARAMS);
+	}
+
 	hci_dev_lock(hdev);
 
 	hci_smp_ltks_clear(hdev);
author	Johan Hedberg <johan.hedberg@intel.com>	2013-01-20 14:27:15 +0200
committer	Gustavo Padovan <gustavo.padovan@collabora.co.uk>	2013-01-23 01:54:09 -0200
commit	54ad6d8a5afe1a6d162d8d229a3d8fc48b254d24 (patch)
tree	f636430077b38a32b03e1c2c382297634dbc9d44 /net/bluetooth
parent	e57e619f463e7841940ef1b98969e23f71f5ee8a (diff)