Commit 138d7eca authored by Luiz Augusto von Dentz's avatar Luiz Augusto von Dentz
Browse files

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ 

This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.

Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/


Fixes: 27e2d4c8 ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: default avatarLuiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: default avatarChristian Eggers <ceggers@arri.de>
parent a8d1d73c

net/bluetooth/l2cap_core.c

+7 −0
Original line number Diff line number Diff line
@@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn, 
		goto response_unlock;

	}



	/* Check if Key Size is sufficient for the security level */

	if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {

		result = L2CAP_CR_LE_BAD_KEY_SIZE;

		chan = NULL;

		goto response_unlock;

	}



	/* Check for valid dynamic CID range */

	if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {

		result = L2CAP_CR_LE_INVALID_SCID;