Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp640210pxk; Thu, 24 Sep 2020 14:41:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzJoBNnPK8NXcHF18muA31IAG7eWIqZhXBgBjp1mS7DMASTS/bCCWokWt42DHpRhteFS4J4 X-Received: by 2002:aa7:c419:: with SMTP id j25mr803593edq.109.1600983697051; Thu, 24 Sep 2020 14:41:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600983697; cv=none; d=google.com; s=arc-20160816; b=fwqKCyF82GaTOzvVc0Jq/gwT0Z8JChqH7eeCxv3AMsaVY6fsom6itsaqnkiewXe/uy vP3Ag6WwG1kRdxALa3NyC2mZ/QM+ApshaWOhOQwRBuqetbS39xeP8PE8liOONi2zSnh1 Ij08gV9Y84M4cPHPMScp/XbfAFuMlu55sVI5Y+/+JYa4tQMGqYEGXEgkHIFw0b57fV39 jdhI8FQ8DDgAu2jFD+kKlthrt7ndZ2zb4EQ3WcEJAbE/qNwDbVBpfGUTHsAmCp2sOfg4 eM/GKnuP8E7iGD1Fu6kCpwBjiccpdFm8bYTAGed6ldCCEo7KhLXoww1nQlkfG7YHou8G Vmqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Q4DsHsmfuDQlK/ze/VFMbcTBzL2Y6i++davVOgSwf8o=; b=RIje7q6Qaq5YJ/0s0ZoOgTSjsHOroqTctVWV0K6lW9vSEB/3+MRXDC4uEXrRqHoSOn +WYR7Xex7kkbXCYZV60DyyMzG8LNSEpf2E/rDKKIHkwsVzcEk+WNff2WoVEfinAvY5Cl hqnJdhowDwWYPYpFMUczGu+iQk0o7RLPRoh/tZPlB4ij9EXQ78yvjm9z2C40WwLpKBGm eiUxu39nq3Cm3g/LH9LjSSMvxDOrflPZMSUpAeYRBpPIiEJuFWUUhn3qRuxzk8EdUePB t4tI098+TiyzA1K+mAWNTtJ/WpOfgl/Wmt5xSdGAr6o2hH3/X0EPAauBeSj/vrY7+/a7 IYRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bNE+MFcY; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l13si532590ejc.723.2020.09.24.14.41.01; Thu, 24 Sep 2020 14:41:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bNE+MFcY; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726604AbgIXVk4 (ORCPT + 99 others); Thu, 24 Sep 2020 17:40:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726397AbgIXVkz (ORCPT ); Thu, 24 Sep 2020 17:40:55 -0400 Received: from mail-ot1-x341.google.com (mail-ot1-x341.google.com [IPv6:2607:f8b0:4864:20::341]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB72BC0613CE for ; Thu, 24 Sep 2020 14:40:55 -0700 (PDT) Received: by mail-ot1-x341.google.com with SMTP id c2so352701otp.7 for ; Thu, 24 Sep 2020 14:40:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q4DsHsmfuDQlK/ze/VFMbcTBzL2Y6i++davVOgSwf8o=; b=bNE+MFcYR0PL1WKYkeVg3cLYJ4WVtM2ErI6qCE5/7R2yyBJvbL6idwHlZzkHGx64Tl xGB4fpOIwKkOLmn77ugTcrsQ5l/2eDqZ0I7Yls/byqGoRnU/swRJhJhAHjV0sm8oHad6 8H1UZoDA1X2lYbr40jPCE7KJmDSQcTo9esnIryD5jTifgJ27yj8QdThTiTaDWD1VMtbD ivufCXa26xEVXi53Rry6dIeTMxDoXhjPFHylD1OPH9NX1mDcz4iC6lQtM+fS8MEeXzHO sOqbGCz59Au8XutCRazWkUq/eRjb0OigYfAZwe+fs5+lJ/PSTzuyXFo2uiXa8dSusOWP a7tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q4DsHsmfuDQlK/ze/VFMbcTBzL2Y6i++davVOgSwf8o=; b=FhZsee1wotUafP7Fd/f4g6VHt55GzSsXaOokPhTZI1pQ0W67up3l4tPRMNyglaJZe/ s/mYLv11BTjn8cmMCPLFAp19AHp9dUxfKVwlZgGG5e/ICNZ7FBzBW48LrjRqXMBGI9Xv eNAO+fiZ+OxpWKkDx1QUb/Bc7gY73+cq0AcDYlzBMK2Zkh+pKmxrwAA7dfXMhh6JCx6q 4DMw7xXwz/aANIhPCJZfyh6J94tDo8tZpTQZak/UOrcqIoXekdb8gta6kSSW2ZxV81C+ 20GbSkZ0gAQJrYk5vzzDjX9K8GXdSx7toH6HbgkhEd1x6neqq3Fg2i+h/NowK+9e1n/b EyAQ== X-Gm-Message-State: AOAM5327aVIeaAFBzdOTB80CH0KBFhn93QxOrl/Rcp/GZeDUCcOMsCJs A3roLP2JZWwRhavCya7RrU8kR+xanz9GEkb8SeI= X-Received: by 2002:a05:6830:22e6:: with SMTP id t6mr798740otc.88.1600983655050; Thu, 24 Sep 2020 14:40:55 -0700 (PDT) MIME-Version: 1.0 References: <20200924140527.Bluez.v1.1.Iedecbb8c8ebb111b14206dddc5bea3c40dfa1771@changeid> In-Reply-To: <20200924140527.Bluez.v1.1.Iedecbb8c8ebb111b14206dddc5bea3c40dfa1771@changeid> From: Luiz Augusto von Dentz Date: Thu, 24 Sep 2020 14:40:43 -0700 Message-ID: Subject: Re: [Bluez PATCH v1] device: Disable auto connect when pairing failed To: Yu Liu Cc: "linux-bluetooth@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Yu Liu, On Thu, Sep 24, 2020 at 2:08 PM Yu Liu wrote: > > When connecting a LE keyboard, if the user input the wrong passkey, the > stack would keep auto connect and thus allow the user to retry the > passkey indefinitely which is a security concern. This fix would > disallow the auto connect if the authentication failed. > > --- > > Changes in v1: > - Initial change > > src/device.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/src/device.c b/src/device.c > index a4b5968d4..764cca60e 100644 > --- a/src/device.c > +++ b/src/device.c > @@ -6033,11 +6033,17 @@ void device_bonding_complete(struct btd_device *device, uint8_t bdaddr_type, > device_cancel_authentication(device, TRUE); > > /* Put the device back to the temporary state so that it will be > - * treated as a newly discovered device. > + * treated as a newly discovered device; also disable auto > + * connect. > */ > if (!device_is_paired(device, bdaddr_type) && > - !device_is_trusted(device)) > + !device_is_trusted(device)) { > btd_device_set_temporary(device, true); > + if (device->auto_connect) { > + device->disable_auto_connect = TRUE; > + device_set_auto_connect(device, FALSE); > + } > + } While this looks correct we could perhaps design it in such a way that only trusted device are allowed to set auto connect, though that may need a lot more changes than this one so I would be fine applying this so we can think about the implications, also perhaps this should be incorporated to btd_device_set_temporary since a temporary device should probably not be left in to auto-connect and only a user action to attempt to use it again to restore its auto connect status. To summarize we should answer 2 questions: 1. Should an untrusted device be allowed to be marked as auto-connect? Maybe, though we didn't consider trusted property for auto-connect, but I think using it might make auto-connect more predictable to the upper layer. 2. Should a temporary device be allowed to be marked as auto-connect? Most likely not, it should be removed if the user doesn't take any action during the temporary grace period. > device_bonding_failed(device, status); > return; > -- > 2.28.0.681.g6f77f65b4e-goog > -- Luiz Augusto von Dentz