Bluetooth: controller: Fix bug in LL encryption.

Fix bug in LL encryption procedure, controller was using the wrong pointer to connection state. Function event_enc_prep is called from slave_event_prepare, where _radio.curr_conn has not been assigned yet. The connection ended up sending LL_START_ENC_RSP unencrypted, resulting in disconnect on the peer side with reason MIC failure. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2019-03-15 16:15:42 +01:00 · 2019-03-15 16:15:42 +01:00 · 100287d77b
commit 100287d77b
parent dffe78b332
1 changed files with 5 additions and 5 deletions
--- a/subsys/bluetooth/controller/ll_sw/ctrl.c
+++ b/subsys/bluetooth/controller/ll_sw/ctrl.c
@ -7467,11 +7467,11 @@ static inline void event_enc_prep(struct connection *conn)

 #if !defined(CONFIG_BT_CTLR_FAST_ENC)
 	} else {
-		start_enc_rsp_send(_radio.conn_curr, pdu_ctrl_tx);
+		start_enc_rsp_send(conn, pdu_ctrl_tx);

 		/* resume data packet rx and tx */
-		_radio.conn_curr->pause_rx = 0;
-		_radio.conn_curr->pause_tx = 0;
+		conn->pause_rx = 0;
+		conn->pause_tx = 0;
 #endif /* !CONFIG_BT_CTLR_FAST_ENC */

 	}
@ -9961,10 +9961,10 @@ static u8_t feature_rsp_send(struct connection *conn,

 	/* AND the feature set to get Feature USED */
 	req = &pdu_data_rx->llctrl.feature_req;
-	_radio.conn_curr->llcp_features &= feat_get(&req->features[0]);
+	conn->llcp_features &= feat_get(&req->features[0]);

 	/* features exchanged */
-	_radio.conn_curr->common.fex_valid = 1U;
+	conn->common.fex_valid = 1U;

 	/* Enqueue feature response */
 	pdu_ctrl_tx = (void *)node_tx->pdu_data;