From: Luiz Augusto von Dentz
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH v2] btdev: Add proper checks for own_addr_type for extended advertising
Date: Tue, 13 Jul 2021 17:22:24 -0700
Message-Id: <20210714002224.2632842-1-luiz.dentz@gmail.com>

From: Luiz Augusto von Dentz

own_addr_type 0x01 and 0x03 shall check that a random address has properly been set and in case of 0x03 the resolving list actually contains the irk of the identity address:

BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2596

'If the advertising set's Own_Address_Type parameter is set to 0x01 and the random address for the advertising set has not been initialized, the Controller shall return the error code Invalid HCI Command Parameters (0x12).'

BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 4, Part E
page 2597

'If the advertising set's Own_Address_Type parameter is set to 0x03, the controller's resolving list did not contain a matching entry, and the random address for the advertising set has not been initialized, the Controller shall return the error code Invalid HCI Command Parameters (0x12).'

---
v2: Fix checks for Own_Address_Type when set to 0x03 since it can work with both resolving list _and_ when a random address is set.

emulator/btdev.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/emulator/btdev.c b/emulator/btdev.c index 1567713d2..b6142f176 100644 --- a/emulator/btdev.c +++ b/emulator/btdev.c @@ -4538,6 +4538,20 @@ static bool ext_adv_timeout(void *user_data) return false; } +static struct btdev_rl *rl_find(struct btdev *dev, uint8_t type, uint8_t *addr) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(dev->le_rl); i++) { + struct btdev_rl *rl = &dev->le_rl[i]; + + if (RL_ADDR_EQUAL(rl, type, addr)) + return rl; + } + + return NULL; +} + static int cmd_set_ext_adv_enable(struct btdev *dev, const void *data, uint8_t len) { @@ -4561,6 +4575,7 @@ static int cmd_set_ext_adv_enable(struct btdev *dev, const void *data, for (i = 0; i < cmd->num_of_sets; i++) { const struct bt_hci_cmd_ext_adv_set *eas; struct le_ext_adv *ext_adv; + bool random_addr; eas = data + sizeof(*cmd) + (sizeof(*eas) * i); 
@@ -4576,6 +4591,35 @@ static int cmd_set_ext_adv_enable(struct btdev *dev, const void *data, goto exit_complete; } + random_addr = bacmp((bdaddr_t *)ext_adv->random_addr, + BDADDR_ANY); + + /* If the advertising set's Own_Address_Type parameter + * is set to 0x01 and the random address for + * the advertising set has not been initialized, the + * Controller shall return the error code Invalid HCI + * Command Parameters (0x12). + */ + if (ext_adv->own_addr_type == 0x01 && !random_addr) { + status = BT_HCI_ERR_INVALID_PARAMETERS; + goto exit_complete; + } + + /* If the advertising set's Own_Address_Type parameter is set + * to 0x03, the controller's resolving list did not contain a + * matching entry, and the random address for the advertising + * set has not been initialized, the Controller shall return the + * error code Invalid HCI Command Parameters (0x12). + */ + if (ext_adv->own_addr_type == 0x03 && !random_addr) { + if (!dev->le_rl_enable || + !rl_find(dev, ext_adv->direct_addr_type, + ext_adv->direct_addr)) { + status = BT_HCI_ERR_INVALID_PARAMETERS; + goto exit_complete; + } + } + ext_adv->enable = cmd->enable; if (!cmd->enable) -- 2.31.1
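
Review bot: rl_find() in the first hunk (@@ -4538,6 +4538,20 @@) accepts a resolving-list entry on address type and address alone, through RL_ADDR_EQUAL(rl, type, addr), while the commit message describes the 0x03 case as checking that the resolving list contains the IRK of the identity address. Nothing in the visible lines inspects the entry's IRK, so either add that check where the entry is accepted or reword the message to say that an address match is sufficient. Since addr is only read, the parameter can be declared const uint8_t *addr.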
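
Review bot: The two Own_Address_Type checks in the last hunk (@@ -4576,6 +4591,35 @@) run before `ext_adv->enable = cmd->enable;` and are not conditioned on cmd->enable, so a request that disables a set whose random address was never initialized is also answered with BT_HCI_ERR_INVALID_PARAMETERS. Consider wrapping both checks in `if (cmd->enable)`, or add a comment stating that rejecting a disable request is intended. Separately, random_addr is a bool assigned the int result of bacmp(); an explicit `!= 0` or a name such as has_random_addr would make it obvious that true means "address has been set".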