Bluetooth: Mesh: Fix ignoring old SeqAuth values

Replay protection is not enforced at the Lower Transport Layer, so it
is possible to get an old replayed segment here. In such a case
cleanly discard it instead of causing a valid existing transaction
from being discarded.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg 2018-01-27 11:59:10 -08:00 committed by Johan Hedberg
commit a0ab6086e3

View file

@ -1018,7 +1018,10 @@ static struct seg_rx *seg_rx_find(struct bt_mesh_net_rx *net_rx,
continue;
}
if (rx->seq_auth == *seq_auth) {
/* Return newer RX context in addition to an exact match, so
* the calling function can properly discard an old SeqAuth.
*/
if (rx->seq_auth >= *seq_auth) {
return rx;
}
@ -1133,6 +1136,12 @@ static int trans_seg(struct net_buf_simple *buf, struct bt_mesh_net_rx *net_rx,
/* Look for old RX sessions */
rx = seg_rx_find(net_rx, seq_auth);
if (rx) {
/* Discard old SeqAuth packet */
if (rx->seq_auth > *seq_auth) {
BT_WARN("Ignoring old SeqAuth");
return -EINVAL;
}
if (!seg_rx_is_valid(rx, net_rx, hdr, seg_n)) {
return -EINVAL;
}