You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by na...@apache.org on 2019/12/30 11:14:15 UTC
[mynewt-nimble] branch master updated: nimble/host: Fail pairing
when received unexpected pairing request
This is an automated email from the ASF dual-hosted git repository.
naraj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git
The following commit(s) were added to refs/heads/master by this push:
new 787c7b7 nimble/host: Fail pairing when received unexpected pairing request
787c7b7 is described below
commit 787c7b7fadb2f41ee10d6aa9b68d99abe1696faa
Author: MichaĆ Narajowski <mi...@codecoup.pl>
AuthorDate: Fri Dec 20 15:14:55 2019 +0100
nimble/host: Fail pairing when received unexpected pairing request
According to spec, after pairing req/rsp we should proceed to
next step of the pairing procedure. This means that we should not
restart the procedure if another one is already in progress. This
patch fixes this issue by aborting the proc and sending pairing
failed to peer.
---
nimble/host/src/ble_sm.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c
index c83426d..641d03a 100644
--- a/nimble/host/src/ble_sm.c
+++ b/nimble/host/src/ble_sm.c
@@ -1765,8 +1765,21 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
*/
proc = ble_sm_proc_find(conn_handle, BLE_SM_PROC_STATE_NONE, -1, &prev);
if (proc != NULL) {
- /* Pairing already in progress; abort old procedure and start new. */
- /* XXX: Check the spec on this. */
+ /* Fail if procedure is in progress unless we sent a slave security
+ * request to peer.
+ */
+ if (proc->state != BLE_SM_PROC_STATE_SEC_REQ) {
+ res->sm_err = BLE_SM_ERR_UNSPECIFIED;
+ res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_UNSPECIFIED);
+ ble_hs_unlock();
+ return;
+ }
+
+ /* Remove the procedure because it was allocated when
+ * sending the Slave Security Request and it will be allocated
+ * again later in this method. We should probably refactor this
+ * in the future.
+ */
ble_sm_proc_remove(proc, prev);
ble_sm_proc_free(proc);
}