mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'bugfix/bluedroid_avoid_same_bdaddr_conn_v4.1' into 'release/v4.1'
Bluedroid: Do not connect if peer BD_ADDR is same as own BD_ADDR. (v4.1) See merge request espressif/esp-idf!11991
This commit is contained in:
commit
2d7508bd58
@ -404,6 +404,8 @@ SOC_RESERVE_MEMORY_REGION(SOC_MEM_BT_DATA_START, SOC_MEM_BT_DATA_END,
|
||||
|
||||
static DRAM_ATTR struct osi_funcs_t *osi_funcs_p;
|
||||
|
||||
static uint8_t own_bda[6];
|
||||
|
||||
#if CONFIG_SPIRAM_USE_MALLOC
|
||||
static DRAM_ATTR btdm_queue_item_t btdm_queue_table[BTDM_MAX_QUEUE_NUM];
|
||||
static DRAM_ATTR SemaphoreHandle_t btdm_queue_table_mux = NULL;
|
||||
@ -1356,6 +1358,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
|
||||
cfg->bt_max_sync_conn = CONFIG_BTDM_CTRL_BR_EDR_MAX_SYNC_CONN_EFF;
|
||||
cfg->magic = ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL;
|
||||
|
||||
read_mac_wrapper(own_bda);
|
||||
if (((cfg->mode & ESP_BT_MODE_BLE) && (cfg->ble_max_conn <= 0 || cfg->ble_max_conn > BTDM_CONTROLLER_BLE_MAX_CONN_LIMIT))
|
||||
|| ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_acl_conn <= 0 || cfg->bt_max_acl_conn > BTDM_CONTROLLER_BR_EDR_MAX_ACL_CONN_LIMIT))
|
||||
|| ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_sync_conn > BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_LIMIT))) {
|
||||
@ -1644,6 +1647,11 @@ esp_bt_controller_status_t esp_bt_controller_get_status(void)
|
||||
return btdm_controller_status;
|
||||
}
|
||||
|
||||
uint8_t* esp_bt_get_mac(void)
|
||||
{
|
||||
return own_bda;
|
||||
}
|
||||
|
||||
|
||||
/* extra functions */
|
||||
esp_err_t esp_ble_tx_power_set(esp_ble_power_type_t power_type, esp_power_level_t power_level)
|
||||
|
@ -36,6 +36,7 @@
|
||||
#include "osi/fixed_queue.h"
|
||||
#include "osi/alarm.h"
|
||||
#include "stack/btm_ble_api.h"
|
||||
#include "esp_bt.h"
|
||||
|
||||
#if (BT_USE_TRACES == TRUE && BT_TRACE_VERBOSE == FALSE)
|
||||
/* needed for sprintf() */
|
||||
@ -2630,6 +2631,15 @@ void btm_sec_conn_req (UINT8 *bda, UINT8 *dc)
|
||||
return;
|
||||
}
|
||||
|
||||
/* Check if peer device's and our BD_ADDR is same or not. It
|
||||
should be different to avoid 'Impersonation in the Pin Pairing
|
||||
Protocol' (CVE-2020-26555) vulnerability. */
|
||||
if (memcmp(bda, esp_bt_get_mac(), sizeof (BD_ADDR)) == 0) {
|
||||
BTM_TRACE_ERROR ("Security Manager: connect request from device with same BD_ADDR\n");
|
||||
btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Security guys wants us not to allow connection from not paired devices */
|
||||
|
||||
/* Check if connection is allowed for only paired devices */
|
||||
|
@ -750,7 +750,7 @@ enum {
|
||||
BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP, /* Waiting for local response to peer OOB data */
|
||||
BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS, /* Waiting for local IO capabilities and OOB data */
|
||||
BTM_PAIR_STATE_INCOMING_SSP, /* Incoming SSP (got peer IO caps when idle) */
|
||||
BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication cpmplete */
|
||||
BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication complete */
|
||||
BTM_PAIR_STATE_WAIT_DISCONNECT /* Waiting to disconnect the ACL */
|
||||
};
|
||||
typedef UINT8 tBTM_PAIRING_STATE;
|
||||
|
@ -351,6 +351,12 @@ esp_err_t esp_bt_controller_disable(void);
|
||||
*/
|
||||
esp_bt_controller_status_t esp_bt_controller_get_status(void);
|
||||
|
||||
/**
|
||||
* @brief Get BT MAC address.
|
||||
* @return Array pointer of length 6 storing MAC address value.
|
||||
*/
|
||||
uint8_t* esp_bt_get_mac(void);
|
||||
|
||||
/** @brief esp_vhci_host_callback
|
||||
* used for vhci call host function to notify what host need to do
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user