Posted to commits@mynewt.apache.org by an...@apache.org on 2022/02/24 14:33:20 UTC

[mynewt-nimble] 10/10: nimble/ll: Check MIC on every PDU

This is an automated email from the ASF dual-hosted git repository.

andk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-nimble.git

commit 93b3ab71dc94a4cde14d91c65b5869e5a28ba5e3
Author: Andrzej Kaczmarek <an...@codecoup.pl>
AuthorDate: Thu Feb 24 12:55:57 2022 +0100

    nimble/ll: Check MIC on every PDU
    
    We should check for MIC failure before any other checks to detect
    failures even on corrupted PDUs.
    
    This fixes LL/SEC/PER/BI-04-C.
---
 nimble/controller/src/ble_ll_conn.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/nimble/controller/src/ble_ll_conn.c b/nimble/controller/src/ble_ll_conn.c
index 398b4e2..d1725f2 100644
--- a/nimble/controller/src/ble_ll_conn.c
+++ b/nimble/controller/src/ble_ll_conn.c
@@ -3161,6 +3161,15 @@ ble_ll_conn_rx_data_pdu(struct os_mbuf *rxpdu, struct ble_mbuf_hdr *hdr)
     acl_len = rxbuf[1];
     llid = hdr_byte & BLE_LL_DATA_HDR_LLID_MASK;
 
+
+#if MYNEWT_VAL(BLE_LL_CFG_FEAT_LE_ENCRYPTION)
+    if (BLE_MBUF_HDR_MIC_FAILURE(hdr)) {
+        STATS_INC(ble_ll_conn_stats, mic_failures);
+        ble_ll_conn_timeout(connsm, BLE_ERR_CONN_TERM_MIC);
+        goto conn_rx_data_pdu_end;
+    }
+#endif
+
     /*
      * Check that the LLID and payload length are reasonable.
      * Empty payload is only allowed for LLID == 01b.
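Review bot: The added MIC block at the top of this hunk has no comment saying why it must run before the LLID and payload-length validation that follows, so a later reordering could quietly move it back behind those checks. I would add `/* Check MIC before any header validation so a MIC failure terminates the connection even when the PDU is otherwise malformed (LL/SEC/PER/BI-04-C). */` above the `if`. The `XXX` comment removed in the second hunk asked whether the connection state should be consulted before acting on the flag, and that question is dropped rather than answered. Since the check now runs on every PDU, it seems worth confirming that `BLE_MBUF_HDR_MIC_FAILURE` can only be set while encryption is active, because otherwise a spurious flag would tear down an unencrypted connection before any other validation. The block also opens with a second blank line after the existing one, and the body of `ble_ll_conn_rx_data_pdu` starts and ends outside the hunk.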
@@ -3232,18 +3241,6 @@ ble_ll_conn_rx_data_pdu(struct os_mbuf *rxpdu, struct ble_mbuf_hdr *hdr)
         goto conn_rx_data_pdu_end;
     }
 
-#if MYNEWT_VAL(BLE_LL_CFG_FEAT_LE_ENCRYPTION)
-    /*
-     * XXX: should we check to see if we are in a state where we
-     * might expect to get an encrypted PDU?
-     */
-    if (BLE_MBUF_HDR_MIC_FAILURE(hdr)) {
-        STATS_INC(ble_ll_conn_stats, mic_failures);
-        ble_ll_conn_timeout(connsm, BLE_ERR_CONN_TERM_MIC);
-        goto conn_rx_data_pdu_end;
-    }
-#endif
-
     if (llid == BLE_LL_LLID_CTRL) {
         /* Process control frame */
         STATS_INC(ble_ll_conn_stats, rx_ctrl_pdus);