www.infradead.org Git - users/jedix/linux-maple.git/commit
Bluetooth: hci_event: Fix not using key encryption size when its known
author Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Wed, 30 Apr 2025 19:07:03 +0000 (15:07 -0400)
committer Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Thu, 8 May 2025 14:24:15 +0000 (10:24 -0400)
commit c82b6357a5465a3222780ac5d3edcdfb02208cc3
tree 8e9beae1956b39ba8986a7818155a9daab9a1327
parent 1e2e3044c1bc64a64aa0eaf7c17f7832c26c9775
Bluetooth: hci_event: Fix not using key encryption size when its known

This fixes the regression introduced by 50c1241e6a8a ("Bluetooth: l2cap:
Check encryption key size on incoming connection"), which introduced a check for
l2cap_check_enc_key_size which checks for hcon->enc_key_size which may
not be initialized if HCI_OP_READ_ENC_KEY_SIZE is still pending.

If the key encryption size is known, due to previously reading it using
HCI_OP_READ_ENC_KEY_SIZE, then store it as part of link_key/smp_ltk
structures so the next time the encryption is changed their values are
used as conn->enc_key_size thus avoiding the racing against
HCI_OP_READ_ENC_KEY_SIZE.

Now that the enc_size is stored as part of the key information, the code
then attempts to check that there is no downgrade of security if
HCI_OP_READ_ENC_KEY_SIZE returns a value smaller than what has been
previously stored.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=220061
Link: https://bugzilla.kernel.org/show_bug.cgi?id=220063
Fixes: 522e9ed157e3 ("Bluetooth: l2cap: Check encryption key size on incoming connection")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
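
The caching and downgrade check that the commit message describes, as an added userspace model; it is not the kernel code from this commit. Every struct and function name below is illustrative, and the minimum size of 7 and the choice to leave the cached size untouched on refusal are assumptions of the model.

```c
/* Simplified userspace model; all names are illustrative, not kernel symbols. */
#include <stdbool.h>
#include <stdint.h>

#define MIN_ENC_KEY_SIZE 7 /* assumed policy minimum for this model */

struct stored_key { uint8_t enc_size; };      /* 0 = size never recorded */
struct conn {
    uint8_t enc_key_size;                     /* 0 until something sets it */
    struct stored_key *key;                   /* key in use, may be NULL */
};

/* Encryption change: seed the connection from the size cached with the key,
 * so a check that runs before the read completes sees a real value. */
static void on_encrypt_change(struct conn *c)
{
    if (c->key && c->key->enc_size)
        c->enc_key_size = c->key->enc_size;
}

/* Key size check that may run while the read is still pending. */
static bool check_enc_key_size(const struct conn *c)
{
    return c->enc_key_size >= MIN_ENC_KEY_SIZE;
}

/* Read completion: refuse a size below the minimum or below the cached one;
 * otherwise accept it and record it with the key. Returns false on refusal. */
static bool on_read_enc_key_size(struct conn *c, uint8_t reported)
{
    if (reported < MIN_ENC_KEY_SIZE ||
        (c->key && c->key->enc_size && reported < c->key->enc_size))
        return false;
    c->enc_key_size = reported;
    if (c->key)
        c->key->enc_size = reported;
    return true;
}

int main(void)
{
    struct stored_key k = { .enc_size = 16 }; /* constructed: size learned earlier */
    struct conn c = { .enc_key_size = 0, .key = &k };

    on_encrypt_change(&c);
    if (!check_enc_key_size(&c))        /* passes although the read is pending */
        return 1;
    return on_read_enc_key_size(&c, 7) ? 1 : 0; /* downgrade must be refused */
}
```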