archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 07:44:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

Browse source 
This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.

Link: https://lore.kernel.org/linux-bluetooth/5782243.rdbgypaU67@n9w6sw14/
Fixes: 27e2d4c8d2 ("Bluetooth: Add basic LE L2CAP connect request receiving support")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Tested-by: Christian Eggers <ceggers@arri.de>
This commit is contained in:
Luiz Augusto von Dentz 2026-02-13 13:33:33 -05:00
parent a8d1d73c81
commit 138d7eca44
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
net/bluetooth/l2cap_core.c
View file

@ -4916,6 +4916,13 @@ static int l2cap_le_connect_req(struct l2cap_conn *conn,
goto response_unlock;
}
/* Check if Key Size is sufficient for the security level */
if (!l2cap_check_enc_key_size(conn->hcon, pchan)) {
result = L2CAP_CR_LE_BAD_KEY_SIZE;
chan = NULL;
goto response_unlock;
}
/* Check for valid dynamic CID range */
if (scid < L2CAP_CID_DYN_START || scid > L2CAP_CID_LE_DYN_END) {
result = L2CAP_CR_LE_INVALID_SCID;