diff options
| author | Johan Hedberg <johan.hedberg@intel.com> | 2014-02-28 10:10:16 +0200 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2014-02-28 12:36:10 +0200 |
| commit | 759331d7cc660be17bcdc5df53f196135f9dfaf6 (patch) | |
| tree | 1ee15a589cd278f0ac9451434a962f8a64ca92ee /net | |
| parent | fe39c7b2dacf7fd4dcddc26704d01315ab92b7cb (diff) | |
| download | op-kernel-dev-759331d7cc660be17bcdc5df53f196135f9dfaf6.zip op-kernel-dev-759331d7cc660be17bcdc5df53f196135f9dfaf6.tar.gz | |
Bluetooth: Fix clearing SMP keys if pairing fails
If SMP fails we should not leave any keys (LTKs or IRKs) hanging around
the internal lists. This patch adds the necessary code to
smp_chan_destroy to remove any keys we may have in case of pairing
failure.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bluetooth/smp.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index 99abffc..f1cb6a3 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c @@ -589,6 +589,24 @@ void smp_chan_destroy(struct l2cap_conn *conn) complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); mgmt_smp_complete(conn->hcon, complete); + /* If pairing failed clean up any keys we might have */ + if (!complete) { + if (smp->ltk) { + list_del(&smp->ltk->list); + kfree(smp->ltk); + } + + if (smp->slave_ltk) { + list_del(&smp->slave_ltk->list); + kfree(smp->slave_ltk); + } + + if (smp->remote_irk) { + list_del(&smp->remote_irk->list); + kfree(smp->remote_irk); + } + } + kfree(smp); conn->smp_chan = NULL; conn->hcon->smp_conn = NULL; |
