Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2019/06/25 13:30:16 UTC

[GitHub] [mynewt-nimble] jhedberg commented on a change in pull request #499: nimble/mesh: Reject invalid remote public key

jhedberg commented on a change in pull request #499: nimble/mesh: Reject invalid remote public key
URL: https://github.com/apache/mynewt-nimble/pull/499#discussion_r297188464
 
 

 ##########
 File path: nimble/host/mesh/src/prov.c
 ##########
 @@ -898,24 +898,14 @@ static void send_pub_key(void)
 		goto done;
 	}
 
-	prov_buf_init(buf, PROV_PUB_KEY);
-
-	/* Swap X and Y halves independently to big-endian */
-	sys_memcpy_swap(net_buf_simple_add(buf, 32), key, 32);
-	sys_memcpy_swap(net_buf_simple_add(buf, 32), &key[32], 32);
-
-	memcpy(&link.conf_inputs[81], &buf->om_data[1], 64);
-
-	BT_DBG("Local Public Key: %s", bt_hex(&buf->om_data[1], 64));
-
-	prov_send(buf);
+	/* bt_dh_key_gen() will verify that the remote's public key is valid. */
 
 	/* Copy remote key in little-endian for bt_dh_key_gen().
 	 * X and Y halves are swapped independently.
 	 */
 	net_buf_simple_init(buf, 0);
-	sys_memcpy_swap(buf->om_data, &link.conf_inputs[17], 32);
-	sys_memcpy_swap(&buf->om_data[32], &link.conf_inputs[49], 32);
+	sys_memcpy_swap(net_buf_simple_add(buf, 32), &link.conf_inputs[17], 32);
+	sys_memcpy_swap(net_buf_simple_add(buf, 32), &link.conf_inputs[49], 32);
 
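Review bot: The two added net_buf_simple_add(buf, 32) calls that follow net_buf_simple_init(buf, 0) leave the buffer's length at 64, although the data is only staged here as input for bt_dh_key_gen(). If the same buf is later used to build the PROV_PUB_KEY message whose construction is removed at the top of this hunk, the length has to be reset first; otherwise keep the direct writes to buf->om_data as before. The new comment also says bt_dh_key_gen() will verify the remote's public key, but the failure path is not visible in this hunk: the comment should say where the return value is checked and where the local public key is now sent, so a reader can confirm that an invalid remote key ends provisioning before any reply goes out.
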
 Review comment:
   Why are you using net_buf_simple_add here? From what I see bt_dh_key_gen() doesn't care about the net_buf_simple internal bookkeeping, rather just gets a pointer to the data. It's only later for the response that the net_buf_simple state needs to be correct, and starting by calling prov_buf_init() should take care of that. In fact, prov_buf_init() does not take care of resetting buf->len so you're ending up with a corrupt (overflowing) buffer as far as I see.
