lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 10 Jun 2011 14:58:50 +0900
From:	Luiz Augusto von Dentz <luiz.dentz@...il.com>
To:	Waldemar.Rymarkiewicz@...to.com, keithp@...thp.com,
	padovan@...fusion.mobi, marcel@...tmann.org,
	linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Regression caused by "Bluetooth: Map sec_level to link key requirements"

Hi Keith,

On Fri, Jun 10, 2011 at 2:55 PM, Johan Hedberg <johan.hedberg@...il.com> wrote:
> Hi,
>
> On Thu, Jun 09, 2011, Waldemar.Rymarkiewicz@...to.com wrote:
>> >I re-pair'ed using a manually entered a 16 digit pin, but now
>> >DUN setup doesn't succeed at all.
>>
>> Did you try to remove all stored link keys and start again?
>> If you already have a pincode which is insecure you have to remove it manually.
>>
>> Try 'hciconfig hciX noauth noencrypt ' before.
>>
>> Check syslog and switch debug on in the kernel first.
>
> So I just realized that the BITE tests were only done for mgmtops.c and
> not hciops.c. One critical difference is that conn->key_type will not be
> set (or actually set to 0xff) for connections which happen after the
> initial pairing has occurred. We're right now testing a one-line patch
> which might fix the issue. Luiz will send it soon if it turns out to
> work fine.

So the fix we were testing looks like this:

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 2f5ae53..b309f84 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -673,8 +673,8 @@ auth:
        if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
                return 0;

-       hci_conn_auth(conn, sec_level, auth_type);
-       return 0;
+       if (!(hci_conn_auth(conn, sec_level, auth_type)))
+               return 0;

 encrypt:
        if (conn->link_mode & HCI_LM_ENCRYPT)

-- 
Luiz Augusto von Dentz
Computer Engineer
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ