Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1076290rwb; Thu, 6 Oct 2022 08:11:11 -0700 (PDT) X-Google-Smtp-Source: AMsMyM62Lz7AvZlUABuHWyf6UQySKugOXlwZjXI/ZmiAHuLuJzm79W93gwkxuqFCofTkpcTSaNRs X-Received: by 2002:a05:6402:22c7:b0:459:487c:b077 with SMTP id dm7-20020a05640222c700b00459487cb077mr270459edb.66.1665069071275; Thu, 06 Oct 2022 08:11:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665069071; cv=none; d=google.com; s=arc-20160816; b=GARdRm0nsI+18DEgNQJ5BuTGgxu/uf/4cjtAga9f8l8lJfytd5AF/lGU5JZ0ILCitf xY97/B7M0o1kuBcEe6A4N8YEIt1yW82lgas0jkQTwCK1GKnMKUmQpSjjPLRnNE7MDmlj rAOtmvKccmGfnTErcY9TZ4BsWup/pyuu+Heol14KGxsQWL/19VBZPvdWC4Up5MRB6/gC tqoOfenzjiseu/hScFqwh6h7M6I3wAf6YIkAkBhZ9iZXWXCsOaZogpGEDrg+JQStq2s7 BbsywkrKnFeM0guSs3YLldWA/pSThBGMil6vYhM0Imx4+JwPg7XLPEh6A8BHdoG8gliN VyCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=aBwev7GIlGAIBkdIvcZXk+O8yKRFAR/g70oUT50p7Gw=; b=r/Ika2+vGMP6Juq1Wlgeo1LA02exj9UtXjbjG6fXuYUaQzLUa2XQAyaROyH3l4PtAn PlJgFFpgiJKJO2VAkS1yonetc8GgdKFPtBNNzySTt0nE/pMlIVvdpRmt4qL0NEUq7dWF 8ubA9DVudXV7/7iGNPyiogAGBNb8DWZyv8hs06+WMFIP0cYy44wUltbOIjlRFVjmWo3j X+vex0+WePkX9Isvtl1jv2atWus9tY0wOyzKze26rv3CjiTfALpwcDtaJ5X5FDyNl08B /vgiB5q7OJX9js5c5CHU5dE7P9QFhUrpp8aVHQFetMgCeYc/64qqdZ9JMrVfz38ARxSx C3zQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w6-20020a05640234c600b0045968aa645dsi750609edc.30.2022.10.06.08.10.34; Thu, 06 Oct 2022 08:11:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230453AbiJFPAA (ORCPT + 99 others); Thu, 6 Oct 2022 11:00:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231749AbiJFO76 (ORCPT ); Thu, 6 Oct 2022 10:59:58 -0400 Received: from voyager.loytec.com (voyager.loytec.com [88.198.4.4]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C787D1F619 for ; Thu, 6 Oct 2022 07:59:54 -0700 (PDT) Received: from 212-17-98-152.static.upcbusiness.at ([212.17.98.152] helo=lexx.office.loytec.com) by voyager.loytec.com with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ogSLo-0006rc-1b for linux-bluetooth@vger.kernel.org; Thu, 06 Oct 2022 16:59:52 +0200 Received: from loytec-dev-vm.delta.corp ([10.101.25.21]) by lexx.office.loytec.com (8.15.2/8.15.2/Some OS 1.2.3-4.5) with ESMTP id 296ExnRG4163430; Thu, 6 Oct 2022 16:59:49 +0200 From: Isak Westin To: linux-bluetooth@vger.kernel.org Cc: Isak Westin Subject: [PATCH BlueZ 4/6] mesh: provisionee: Check prov start parameters Date: Thu, 6 Oct 2022 16:59:25 +0200 Message-Id: <20221006145927.32731-5-isak.westin@loytec.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20221006145927.32731-1-isak.westin@loytec.com> References: <20221006145927.32731-1-isak.westin@loytec.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 212.17.98.152 X-SA-Exim-Mail-From: isak.westin@loytec.com X-SA-Exim-Scanned: No (on voyager.loytec.com); SAEximRunCond expanded to false X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Verify that all parameters in a Provisioning Start PDU are valid, also compared to the capabilities that has been sent. --- mesh/prov-acceptor.c | 57 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c index 0cefb2fa9..bf8c573da 100644 --- a/mesh/prov-acceptor.c +++ b/mesh/prov-acceptor.c @@ -384,6 +384,47 @@ static void send_rand(struct mesh_prov_acceptor *prov) prov_send(prov, &msg, sizeof(msg)); } +static bool prov_start_check(struct prov_start *start, + struct mesh_net_prov_caps *caps) +{ + if (start->algorithm || start->pub_key > 1 || start->auth_method > 3) + return false; + + if (start->pub_key && !caps->pub_type) + return false; + + switch (start->auth_method) { + case 0: /* No OOB */ + if (start->auth_action != 0 || start->auth_size != 0) + return false; + + break; + + case 1: /* Static OOB */ + if (!caps->static_type || start->auth_action != 0 || + start->auth_size != 0) + return false; + + break; + + case 2: /* Output OOB */ + if (!(caps->output_action & (1 << start->auth_action)) || + start->auth_size == 0) + return false; + + break; + + case 3: /* Input OOB */ + if (!(caps->input_action & (1 << start->auth_action)) || + start->auth_size == 0) + return false; + + break; + } + + return true; +} + static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len) { struct mesh_prov_acceptor *rx_prov = user_data; @@ -433,22 +474,16 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len) memcpy(&prov->conf_inputs.start, data, sizeof(prov->conf_inputs.start)); - if (prov->conf_inputs.start.algorithm || - prov->conf_inputs.start.pub_key > 1 || - prov->conf_inputs.start.auth_method > 3) { + if (!prov_start_check(&prov->conf_inputs.start, + &prov->conf_inputs.caps)) { fail.reason = PROV_ERR_INVALID_FORMAT; goto failure; } if (prov->conf_inputs.start.pub_key) { - if (prov->conf_inputs.caps.pub_type) { - /* Prompt Agent for Private Key of OOB */ - mesh_agent_request_private_key(prov->agent, - priv_key_cb, prov); - } else { - fail.reason = PROV_ERR_INVALID_PDU; - goto failure; - } + /* Prompt Agent for Private Key of OOB */ + mesh_agent_request_private_key(prov->agent, + priv_key_cb, prov); } else { /* Ephemeral Public Key requested */ ecc_make_key(prov->conf_inputs.dev_pub_key, -- 2.20.1