Message ID | 20200917181031.v1.1.I67a8b8cd4def8166970ca37109db46d731b62bb6@changeid |
---|---|
State | Awaiting Upstream |
Delegated to: | David Miller |
Headers | show |
Series | [v1] Bluetooth: Check for encryption key size on connect | expand |
Hi Archie, > When receiving connection, we only check whether the link has been > encrypted, but not the encryption key size of the link. > > This patch adds check for encryption key size, and reject L2CAP > connection which size is below the specified threshold (default 7) > with security block. please include btmon trace in the commit message to demonstrate this. Regards Marcel
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index ade83e224567..b4fc0ad38aaa 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -4101,7 +4101,8 @@ static struct l2cap_chan *l2cap_connect(struct l2cap_conn *conn, /* Check if the ACL is secure enough (if not SDP) */ if (psm != cpu_to_le16(L2CAP_PSM_SDP) && - !hci_conn_check_link_mode(conn->hcon)) { + (!hci_conn_check_link_mode(conn->hcon) || + !l2cap_check_enc_key_size(conn->hcon))) { conn->disc_reason = HCI_ERROR_AUTH_FAILURE; result = L2CAP_CR_SEC_BLOCK; goto response;