zephyr/subsys/bluetooth/host
Joakim Andersson d2c1da1335 Bluetooth: Host: Fix invalid pointer in bt_smp_pkey_ready
The storage for the public key is pub_key in hci_core.c.
When the public key event is generated the public key is copied into
this buffer, but the pointer to the event storage of the key is given
in the public key ready callback (bt_smp_pkey_ready).
SMP expects that it is safe to assign a global pointer to this variable.
In smp_init, bt_pub_key_get is used to get the pointer to the public key.
In both cases SMP assigns the le_sc_pub_key to the pointer given.

This creates an issue when the bt_smp_pkey_ready callback occurs after
smp_init during the pairing procedure: SMP will then have a pointer to an
event buffer that has been released and contains invalid data.

Fixes: #18580

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2019-08-27 13:05:08 +03:00
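The failure mode described in the commit message, as an added example that is not Zephyr's code and not the author's patch: a simplified model in plain C of a host that copies a controller-generated public key into persistent storage but hands its callback a pointer into the transient event buffer, next to the corrected host that hands out the persistent storage instead. The names pub_key, le_sc_pub_key and bt_pub_key_get are borrowed from the commit message for readability; every function, the buffer layout, the 64-byte key length and the sample key bytes are assumptions made up for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUB_KEY_LEN 64   /* assumed: P-256 X||Y, as used by LE Secure Connections */
#define EVT_BUF_LEN 80   /* assumed: a small fixed-size event buffer */
#define EVT_HDR_LEN 4    /* assumed: fake event header before the payload */

/* Persistent storage for the local public key (models pub_key in hci_core.c). */
static uint8_t pub_key[PUB_KEY_LEN];
static bool pub_key_valid;

/* One event buffer from a pool. Its payload is only valid until the buffer is
 * released; after that the pool may hand it to an unrelated event. */
static uint8_t evt_buf[EVT_BUF_LEN];

/* The global pointer SMP keeps to the public key (models le_sc_pub_key).
 * Two copies so the buggy and the fixed host path can be compared side by side. */
static const uint8_t *le_sc_pub_key_buggy;
static const uint8_t *le_sc_pub_key_fixed;

typedef void (*pkey_ready_cb)(const uint8_t *key);

/* SMP side: it simply stores the pointer it is given. That is only safe when the
 * pointer refers to storage that outlives the callback. */
static void smp_pkey_ready_buggy(const uint8_t *key) { le_sc_pub_key_buggy = key; }
static void smp_pkey_ready_fixed(const uint8_t *key) { le_sc_pub_key_fixed = key; }

/* Models bt_pub_key_get: the pointer smp_init receives is the persistent copy. */
static const uint8_t *bt_pub_key_get(void) { return pub_key_valid ? pub_key : NULL; }

/* Host before the fix: copies the key into pub_key but passes the event payload
 * pointer to the callback, so SMP ends up pointing into the event buffer. */
static void hci_pubkey_event_before(const uint8_t *evt_payload, pkey_ready_cb cb)
{
    memcpy(pub_key, evt_payload, PUB_KEY_LEN);
    pub_key_valid = true;
    cb(evt_payload);            /* BUG: pointer into transient event storage */
}

/* Host after the fix: same copy, but the callback gets the persistent storage,
 * matching what bt_pub_key_get returns to smp_init. */
static void hci_pubkey_event_after(const uint8_t *evt_payload, pkey_ready_cb cb)
{
    memcpy(pub_key, evt_payload, PUB_KEY_LEN);
    pub_key_valid = true;
    cb(bt_pub_key_get());       /* pointer to pub_key, valid for the lifetime of the host */
}

/* Models the buffer being released and reused by a later, unrelated event. */
static void release_and_reuse_evt_buf(void)
{
    memset(evt_buf, 0xA5, sizeof(evt_buf));
}

static bool smp_key_matches(const uint8_t *smp_ptr, const uint8_t *expected)
{
    return smp_ptr != NULL && memcmp(smp_ptr, expected, PUB_KEY_LEN) == 0;
}

/* Runs both host paths against one constructed key, releases the event buffer, and
 * reports whether each SMP pointer still yields the key the controller generated. */
void run_pkey_demo(bool *buggy_still_correct, bool *fixed_still_correct)
{
    uint8_t expected[PUB_KEY_LEN];
    for (int i = 0; i < PUB_KEY_LEN; i++) {
        expected[i] = (uint8_t)(i * 7 + 1);   /* constructed sample key, not a real point */
    }

    /* Controller delivers the key inside the event buffer payload. */
    memset(evt_buf, 0, sizeof(evt_buf));
    memcpy(evt_buf + EVT_HDR_LEN, expected, PUB_KEY_LEN);

    hci_pubkey_event_before(evt_buf + EVT_HDR_LEN, smp_pkey_ready_buggy);
    hci_pubkey_event_after(evt_buf + EVT_HDR_LEN, smp_pkey_ready_fixed);

    /* Pairing continues later; by then the event buffer has been recycled. */
    release_and_reuse_evt_buf();

    *buggy_still_correct = smp_key_matches(le_sc_pub_key_buggy, expected);
    *fixed_still_correct = smp_key_matches(le_sc_pub_key_fixed, expected);
}

int main(void)
{
    bool buggy, fixed;
    run_pkey_demo(&buggy, &fixed);
    printf("pointer into event buffer still correct after release: %s\n", buggy ? "yes" : "no");
    printf("pointer into pub_key still correct after release:      %s\n", fixed ? "yes" : "no");
    return 0;
}
```

The check worth carrying over to real code is the one the fix encodes: whatever pointer a "ready" callback publishes to a long-lived global must refer to storage whose lifetime is at least as long as the consumer's, so the callback argument and the getter used at init time should resolve to the same persistent object.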
a2dp.c cleanup: include/: move misc/util.h to sys/util.h 2019-06-27 22:55:49 -04:00
a2dp_internal.h Bluetooth: A2DP: Stream End Point Structure 2017-01-28 08:43:41 +02:00
at.c all: Add 'U' suffix when using unsigned variables 2019-03-28 17:15:58 -05:00
at.h tests: bluetooth/at: Fix string signedness issues 2017-09-26 12:56:50 +03:00
att.c Bluetooth: Dispatch internal callbacks using RX thread 2019-08-09 21:01:59 +02:00
att_internal.h Bluetooth: Dispatch internal callbacks using RX thread 2019-08-09 21:01:59 +02:00
avdtp.c cleanup: include/: move misc/util.h to sys/util.h 2019-06-27 22:55:49 -04:00
avdtp_internal.h Bluetooth: convert to using newly introduced integer sized types 2017-04-20 13:25:23 -05:00
CMakeLists.txt Bluetooth: Mesh: Move under subsys/bluetooth/mesh 2019-07-10 09:41:57 +03:00
conn.c Bluetooth: Host: Add option to force pairing in bt_conn_security 2019-08-26 13:12:49 +02:00
conn_internal.h Bluetooth: Host: Add option to force pairing in bt_conn_security 2019-08-26 13:12:49 +02:00
crypto.c cleanup: include/: move misc/byteorder.h to sys/byteorder.h 2019-06-27 22:55:49 -04:00
crypto.h Bluetooth: Make LE Encrypt helpers public 2017-03-21 17:05:42 -07:00
ecc.h Bluetooth: convert to using newly introduced integer sized types 2017-04-20 13:25:23 -05:00
gatt.c Bluetooth: GATT: Fix using variable size storage for CCC 2019-08-22 15:14:39 +03:00
gatt_internal.h Bluetooth: GATT: Fix not clearing Client Features 2019-04-11 12:04:53 +03:00
hci_core.c Bluetooth: Host: Fix invalid pointer in bt_smp_pkey_ready 2019-08-27 13:05:08 +03:00
hci_core.h Bluetooth: Host: Add whitelist support in Bluetooth Host API 2019-08-09 16:26:10 +02:00
hci_ecc.c Bluetooth: Introduce separate pool for discardable events 2019-07-01 16:36:15 +03:00
hci_ecc.h Bluetooth: Make bt_hci_driver instances link-time constants 2017-03-21 17:05:42 -07:00
hci_raw.c Bluetooth: Introduce separate pool for discardable events 2019-07-01 16:36:15 +03:00
hci_raw_internal.h Bluetooth: Make bt_hci_driver instances link-time constants 2017-03-21 17:05:42 -07:00
hfp_hf.c cleanup: include/: move misc/util.h to sys/util.h 2019-06-27 22:55:49 -04:00
hfp_internal.h Bluetooth: Kconfig: Rename CONFIG_BLUETOOTH_* to CONFIG_BT_* 2017-08-09 11:14:19 +03:00
Kconfig Bluetooth: SMP: Add option to treat debug keys normally during debugging 2019-08-26 13:12:49 +02:00
Kconfig.gatt Bluetooth: GATT: Kconfig: Remove redundant BT_CONN dependencies 2019-08-08 11:54:46 +02:00
Kconfig.l2cap Bluetooth: L2CAP: Kconfig: Remove redundant BT_CONN dependency 2019-08-07 16:51:02 +03:00
keys.c Bluetooth: Keys: Fix logging assertions when enabling BT_DEBUG_KEYS. 2019-07-31 16:48:54 +02:00
keys.h Bluetooth: host: Allow to disable legacy pairing. 2018-10-16 14:25:56 +03:00
keys_br.c cleanup: include/: move misc/util.h to sys/util.h 2019-06-27 22:55:49 -04:00
l2cap.c Bluetooth: Dispatch internal callbacks using RX thread 2019-08-09 21:01:59 +02:00
l2cap_br.c Bluetooth: L2CAP: Make use of Z_STRUCT_SECTION_ITERABLE 2019-07-04 17:00:09 +03:00
l2cap_internal.h Bluetooth: Dispatch internal callbacks using RX thread 2019-08-09 21:01:59 +02:00
monitor.c cleanup: include/: move misc/byteorder.h to sys/byteorder.h 2019-06-27 22:55:49 -04:00
monitor.h Bluetooth: Kconfig: Rename CONFIG_BLUETOOTH_* to CONFIG_BT_* 2017-08-09 11:14:19 +03:00
rfcomm.c cleanup: include/: move misc/stack.h to debug/stack.h 2019-06-27 22:55:49 -04:00
rfcomm_internal.h Bluetooth: Kconfig: Rename CONFIG_BLUETOOTH_* to CONFIG_BT_* 2017-08-09 11:14:19 +03:00
sdp.c cleanup: include/: move misc/byteorder.h to sys/byteorder.h 2019-06-27 22:55:49 -04:00
sdp_internal.h Bluetooth: convert to using newly introduced integer sized types 2017-04-20 13:25:23 -05:00
settings.c Bluetooth: Settings: Fix generated identity not persistently stored. 2019-08-05 11:00:57 +02:00
settings.h subsys/settings: Update bluetooth module 2019-06-26 16:31:01 +02:00
smp.c Bluetooth: SMP: Give security changed when rejecting LTK 2019-08-26 13:12:49 +02:00
smp.h Bluetooth: SMP: Give security changed when rejecting LTK 2019-08-26 13:12:49 +02:00
smp_null.c cleanup: include/: move misc/util.h to sys/util.h 2019-06-27 22:55:49 -04:00
testing.c Bluetooth: testing: Exclude Mesh related code if BT_MESH not set 2018-09-19 10:48:39 +03:00
testing.h Bluetooth: testing: Exclude Mesh related code if BT_MESH not set 2018-09-19 10:48:39 +03:00
uuid.c Bluetooth: Host: Find by type should accept 128bit UUIDs 2019-08-07 15:39:11 +02:00