Bluetooth: SMP: Fix crash when using KeyboardOnly capabilities
This fixes a crash caused by calling an auth callback from the wrong pointer. get_io_capa was using bt_smp_io_capa instead of the structure provided in its argument. This resulted in checking a NULL pointer for the provided callbacks. By coincidence this always returned BT_SMP_IO_KEYBOARD_DISPLAY (first 8 bytes in memory were non-zero) and resulted in calling a callback from a NULL address if the application didn't provide passkey_display or passkey_entry callbacks. btshell> bt: bt_smp_connected (0x00115360): conn 0x00111788 handle 73 bt: bt_att_connected (0x00115360): conn 0x00111788 handle 73 bt: bt_gatt_connected (0x00115360): conn 0x00111788 Connected: 20:68:9D:60:A1:E4 (public) bt: bt_smp_recv (0x00115360): Received SMP code 0x01 len 7 bt: smp_pairing_req (0x00115360): bt: smp_init (0x00115360): prnd 8773a11cde889e1b7397064527a5469d ***** Unhandled exception/interrupt occurred! ***** Current thread ID = 0x00115360 Faulting instruction address = 0x00111788 Fatal fiber error! Aborting fiber. Change-Id: Ic297603a3fbc8bd741d5110c01bef61f7dda1d6f Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
parent
a51d61d214
commit
7ee4fa4473
1 changed files with 3 additions and 3 deletions
|
@ -2021,15 +2021,15 @@ static inline int smp_self_test(void)
|
|||
|
||||
static uint8_t get_io_capa(const struct bt_auth_cb *cb)
|
||||
{
|
||||
if (auth_cb->passkey_display && auth_cb->passkey_entry) {
|
||||
if (cb->passkey_display && cb->passkey_entry) {
|
||||
return BT_SMP_IO_KEYBOARD_DISPLAY;
|
||||
}
|
||||
|
||||
if (auth_cb->passkey_entry) {
|
||||
if (cb->passkey_entry) {
|
||||
return BT_SMP_IO_KEYBOARD_ONLY;
|
||||
}
|
||||
|
||||
if (auth_cb->passkey_display) {
|
||||
if (cb->passkey_display) {
|
||||
return BT_SMP_IO_DISPLAY_ONLY;
|
||||
}
|
||||
|
||||
|
|
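Review bot: `get_io_capa()` now reads `cb->passkey_display` and `cb->passkey_entry` without first checking `cb` for NULL, and the commit message shows what that costs on this target: a read through a NULL pointer does not fault, it returns whatever bytes sit at address 0, so the function reported BT_SMP_IO_KEYBOARD_DISPLAY and SMP later jumped to a NULL callback. If any caller can still pass NULL (for example when no auth callbacks are registered, which is not visible here), a guard such as `if (!cb) { return BT_SMP_IO_NO_INPUT_OUTPUT; }` ahead of the first test would keep the advertised capability tied to handlers that exist. The rows shown stop before the function's final return, so a fallback may already exist below. A short comment on the function would also help, stating that the returned capability must reflect only callbacks the application registered, because it selects the pairing method.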