Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Bluetooth: don't assume key size is 16 when the command fails

With this change, the encryption key size is not assumed to be 16 if the
read_encryption_key_size command fails for any reason. This ensures
that if the controller fails the command for any reason that the
encryption key size isn't implicitly set to 16 and instead take a more
conservative posture to assume it is 0.

Signed-off-by: Alain Michaud <alainm@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

authored by Alain Michaud and committed by Marcel Holtmann
32b50729 b48596d1

+4 -4
net/bluetooth/hci_event.c
··· 2963 2963 if (!conn) 2964 2964 goto unlock; 2965 2965 2966 - /* If we fail to read the encryption key size, assume maximum 2967 - * (which is the same we do also when this HCI command isn't 2968 - * supported. 2966 + /* While unexpected, the read_enc_key_size command may fail. The most 2967 + * secure approach is to then assume the key size is 0 to force a 2968 + * disconnection. 2969 2969 */ 2970 2970 if (rp->status) { 2971 2971 bt_dev_err(hdev, "failed to read key size for handle %u", 2972 2972 handle); 2973 - conn->enc_key_size = HCI_LINK_KEY_SIZE; 2973 + conn->enc_key_size = 0; 2974 2974 } else { 2975 2975 conn->enc_key_size = rp->key_size; 2976 2976 }
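
Review bot: the new comment above the `if (rp->status)` branch says a key size of 0 is assumed "to force a disconnection", but nothing in this hunk disconnects the link; the effect depends on a key-size check elsewhere that is not visible here. Consider naming that check in the comment so the dependency is explicit and a later change to it does not silently turn this back into a fail-open path. The removed comment also stated that the maximum is assumed when this HCI command isn't supported, so after this change the "command failed" and "command unsupported" cases diverge; that difference deserves a sentence in the comment or the commit message. Finally, the `bt_dev_err` message prints only the handle; including `rp->status` would make it possible to tell controller failure modes apart from the log.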