Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp1065226pxv; Fri, 9 Jul 2021 16:44:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxvrc0jdoBr3PgK0HuIG5H4K/pFNMUQ8FFEjsO0T9B2ZtHSYEXy1mxEChhvUwTFCh5LTI0o X-Received: by 2002:a05:6e02:2144:: with SMTP id d4mr29537718ilv.136.1625874260466; Fri, 09 Jul 2021 16:44:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625874260; cv=none; d=google.com; s=arc-20160816; b=MpN9kE0arG3AvefIGbEjO4LAdI6CU/N7FUZCSVzQokz20FGP79YnKpLTiLm6naPYvI V/WlGUxiB4JWsbAKDEclM0OSWofWDPLElTC/lPW9JjQRqL98aLJPWmIfGagqoqqaUjZh 9Y+8aRQ2HANUIIQdxEPBm8fMOSb0EwQAxrRMyfnzlKPKYJJwQO+d4MhckV3CLUEi3Up1 1SAeigguIEiU1IRIp2Ds5Ca2Pv11JUGOLjZPTPt5gXVjNh67O2ofHT1yCGeQhdR6L/aN 7FmAOqv8LCv9wQEq7HvHjtdjVGw5mvB3fgnhAphGbGeo0+Tgxv802GrwJrEsL7PrwrGB 6wNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature; bh=5GcsXNey5JPTZzzwym+kQ939mpw9C0mM8fDY+uip8xg=; b=EN17l/uU3Ack2ErKgMEUoTpDtu5ssMB/gpXMznJdeNDaWwh+HFeB2XHh2d853gYlx1 n47wzipJ1rw3O+ZUdxLE7tXaYCk+Jmo/c930LLnfMqOqOxpFQLwabp3N9JVpmoFKEUcx xEmTpi/1mkhjnk5hGndkz9peLppBBMnFTm2acakrVsxFiUDd2WMtZ94HSIu5ARlvy6Zb akgcLeeQOQ6oGx7UCS3xrpHL7bAWnr2AL0pNT9I5SrkdCLUwkg+upkf3D03ywMlQ3SpM AYI6oQFsUaIaToAi+Zxl2A1epflWkmPsgh8PiLOeZiUYwmLvq0gXpWVQlG4P58JimWwe sR+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bwB9Eqyp; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i11si7916308jaj.16.2021.07.09.16.43.50; Fri, 09 Jul 2021 16:44:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bwB9Eqyp; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230168AbhGIXpc (ORCPT + 99 others); Fri, 9 Jul 2021 19:45:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230130AbhGIXpc (ORCPT ); Fri, 9 Jul 2021 19:45:32 -0400 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A6FAC0613DD for ; Fri, 9 Jul 2021 16:42:47 -0700 (PDT) Received: by mail-pj1-x1036.google.com with SMTP id oj10-20020a17090b4d8ab0290172f77377ebso6968830pjb.0 for ; Fri, 09 Jul 2021 16:42:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=5GcsXNey5JPTZzzwym+kQ939mpw9C0mM8fDY+uip8xg=; b=bwB9EqypKX/0W6yj9guvkRc0Dodx3Z+ibz7DlwH+bp0gR1yn2utF/PJNUS/ki34P7G CJYYeLjJxo6FprXxE4uSIIAbmGhzuSGcrWIZQfWg/1ZxTjD7JNYBRzXtJoXwCcVRXQCm QKexo4nCQzlTel0FiXMokc7TJpn7uqEOO1TAnL4QhTIkp4D7dbQxbnfSnEuvmYCq4KgJ Drzz3HL/987R8TUn+e+PPe/FcEsgy3vYNeDqIc58BoD21YXKgxb5B4Zd7Jy7hK8PfA3B Xz2nd07YAgm42hMRoQkFitAxc3V0qE06NWl7RiNLP+cM3zKL4rQiP+SjzSF09A2q6Hsd FhaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=5GcsXNey5JPTZzzwym+kQ939mpw9C0mM8fDY+uip8xg=; b=QHLIzjRvqyqECQpnghm/eE2RPE6Lxv64f8HvadQ13gMYDB63GJvA0rN11LXEBf0D1r lus99FqnDftHobrsX/CcDFgfps+w4rDyKsCHoeEjWaxTo3kehWJ5MDWj3riFbUDF6Jfp EPyKASBTFNCIdbuaXKiOhTb9qUvBQADERrSY+jClk3/ZycLVBlm17z3FY85a4nUkOaaG UzB5AZQf9rNBLXjorDgZVYKADDZlVA2Kwp8vmJ32Y2E/A0coIdp/J5/EcehnoAa342lA zKre6lzeMUSWQtXvy8NECZtIYlTpiTukL4xY//f4anFB2x+k4GUMqhGVyTPbvFPSPeDP iaGQ== X-Gm-Message-State: AOAM533CM+/yltbvcQS5kd93QOzyZrtIEXqUbUqIrNE406Oo9AONV68G 5M0eycP61FrZFriXpfonXr69P8/wcdS+FQ== X-Received: by 2002:a17:903:4049:b029:129:dda6:cbf3 with SMTP id n9-20020a1709034049b0290129dda6cbf3mr9181881pla.6.1625874166513; Fri, 09 Jul 2021 16:42:46 -0700 (PDT) Received: from localhost.localdomain (c-71-56-157-77.hsd1.or.comcast.net. [71.56.157.77]) by smtp.gmail.com with ESMTPSA id f18sm13519974pjq.48.2021.07.09.16.42.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 09 Jul 2021 16:42:45 -0700 (PDT) From: Luiz Augusto von Dentz To: linux-bluetooth@vger.kernel.org Subject: [PATCH BlueZ] btdev: Add proper checks for own_addr_type for extended advertising Date: Fri, 9 Jul 2021 16:42:42 -0700 Message-Id: <20210709234242.1646501-1-luiz.dentz@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org From: Luiz Augusto von Dentz own_addr_type 0x01 and 0x03 shall check that a random address has properly been set and in case of 0x03 the resolving list actually contains the irk of the identity address: BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E page 2596 'If the advertising set's Own_Address_Type parameter is set to 0x01 and the random address for the advertising set has not been initialized, the Controller shall return the error code Invalid HCI Command Parameters (0x12).' BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E page 2597 'If the advertising set's Own_Address_Type parameter is set to 0x03, the controller's resolving list did not contain a matching entry, and the random address for the advertising set has not been initialized, the Controller shall return the error code Invalid HCI Command Parameters (0x12).' --- emulator/btdev.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/emulator/btdev.c b/emulator/btdev.c index 1567713d2..f1c3a0a84 100644 --- a/emulator/btdev.c +++ b/emulator/btdev.c @@ -4538,6 +4538,20 @@ static bool ext_adv_timeout(void *user_data) return false; } +static struct btdev_rl *rl_find(struct btdev *dev, uint8_t type, uint8_t *addr) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(dev->le_rl); i++) { + struct btdev_rl *rl = &dev->le_rl[i]; + + if (RL_ADDR_EQUAL(rl, type, addr)) + return rl; + } + + return NULL; +} + static int cmd_set_ext_adv_enable(struct btdev *dev, const void *data, uint8_t len) { @@ -4576,6 +4590,37 @@ static int cmd_set_ext_adv_enable(struct btdev *dev, const void *data, goto exit_complete; } + if ((ext_adv->own_addr_type == 0x01 || + ext_adv->own_addr_type == 0x03)) { + uint8_t none[6]; + + memset(none, 0, sizeof(none)); + + /* If the advertising set's Own_Address_Type parameter + * is set to 0x01 (or 0x03) and the random address for + * the advertising set has not been initialized, the + * Controller shall return the error code Invalid HCI + * Command Parameters (0x12). + */ + if (!memcmp(ext_adv->random_addr, none, sizeof(none))) { + status = BT_HCI_ERR_INVALID_PARAMETERS; + goto exit_complete; + } + + /* If the advertising set's Own_Address_Type parameter + * is set to 0x03, the controller's resolving list did + * not contain a matching entry, the Controller shall + * return the error code Invalid HCI Command + * Parameters (0x12). + */ + if (ext_adv->own_addr_type == 0x03 && + !rl_find(dev, ext_adv->direct_addr_type, + ext_adv->direct_addr)) { + status = BT_HCI_ERR_INVALID_PARAMETERS; + goto exit_complete; + } + } + ext_adv->enable = cmd->enable; if (!cmd->enable) -- 2.31.1