Merge branch 'bugfix/bluedroid_avoid_same_bdaddr_conn_v3.3' into 'release/v3.3'

Bluedroid: Do not connect if peer BD_ADDR is same as own BD_ADDR. (v3.3)

See merge request espressif/esp-idf!11993
Jiang Jiang Jian 2021-01-18 14:35:25 +08:00
commit 854ccb743d
4 changed files with 25 additions and 1 deletions


@ -35,6 +35,7 @@
#include "l2c_int.h" #include "l2c_int.h"
#include "osi/fixed_queue.h" #include "osi/fixed_queue.h"
#include "osi/alarm.h" #include "osi/alarm.h"
#include "esp_bt.h"
#if (BT_USE_TRACES == TRUE && BT_TRACE_VERBOSE == FALSE) #if (BT_USE_TRACES == TRUE && BT_TRACE_VERBOSE == FALSE)
/* needed for sprintf() */ /* needed for sprintf() */
@ -2616,6 +2617,15 @@ void btm_sec_conn_req (UINT8 *bda, UINT8 *dc)
return; return;
} }
/* Check if peer device's and our BD_ADDR is same or not. It
should be different to avoid 'Impersonation in the Pin Pairing
Protocol' (CVE-2020-26555) vulnerability. */
if (memcmp(bda, esp_bt_get_mac(), sizeof (BD_ADDR)) == 0) {
BTM_TRACE_ERROR ("Security Manager: connect request from device with same BD_ADDR\n");
btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE);
return;
}
/* Security guys wants us not to allow connection from not paired devices */ /* Security guys wants us not to allow connection from not paired devices */
/* Check if connection is allowed for only paired devices */ /* Check if connection is allowed for only paired devices */
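Review bot: The new `memcmp(bda, esp_bt_get_mac(), sizeof (BD_ADDR))` guard only rejects an incoming connection request in btm_sec_conn_req; nothing in this hunk covers the outbound path (a bond or ACL connect initiated by the host to a peer carrying our own address), so either that path should get the same check or the CVE-2020-26555 comment should state that only inbound requests are rejected here. The check is also only as strong as the byte order agreement between `own_bda` (filled by `read_mac_wrapper()` on the controller side) and `bda` (taken from the HCI event in bluedroid's BD_ADDR order): if the two orders differ the memcmp silently never matches and the mitigation is a no-op, so it is worth pinning with a test that feeds btm_sec_conn_req the device's own address and expects `btsnd_hcic_reject_conn` to be called with `HCI_ERR_HOST_REJECT_DEVICE`. Logging the rejected address alongside the trace would make the event attributable during triage, e.g. `BTM_TRACE_ERROR ("Security Manager: connect request from device with same BD_ADDR (%02x:%02x:%02x:%02x:%02x:%02x)\n", bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);`. btm_sec_conn_req starts and ends outside the hunk.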


@ -735,7 +735,7 @@ enum {
BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP, /* Waiting for local response to peer OOB data */ BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP, /* Waiting for local response to peer OOB data */
BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS, /* Waiting for local IO capabilities and OOB data */ BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS, /* Waiting for local IO capabilities and OOB data */
BTM_PAIR_STATE_INCOMING_SSP, /* Incoming SSP (got peer IO caps when idle) */ BTM_PAIR_STATE_INCOMING_SSP, /* Incoming SSP (got peer IO caps when idle) */
BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication cpmplete */ BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication complete */
BTM_PAIR_STATE_WAIT_DISCONNECT /* Waiting to disconnect the ACL */ BTM_PAIR_STATE_WAIT_DISCONNECT /* Waiting to disconnect the ACL */
}; };
typedef UINT8 tBTM_PAIRING_STATE; typedef UINT8 tBTM_PAIRING_STATE;


@ -401,6 +401,8 @@ SOC_RESERVE_MEMORY_REGION(SOC_MEM_BT_DATA_START, SOC_MEM_BT_DATA_END,
static DRAM_ATTR struct osi_funcs_t *osi_funcs_p; static DRAM_ATTR struct osi_funcs_t *osi_funcs_p;
static uint8_t own_bda[6];
#if CONFIG_SPIRAM_USE_MALLOC #if CONFIG_SPIRAM_USE_MALLOC
static DRAM_ATTR btdm_queue_item_t btdm_queue_table[BTDM_MAX_QUEUE_NUM]; static DRAM_ATTR btdm_queue_item_t btdm_queue_table[BTDM_MAX_QUEUE_NUM];
static DRAM_ATTR SemaphoreHandle_t btdm_queue_table_mux = NULL; static DRAM_ATTR SemaphoreHandle_t btdm_queue_table_mux = NULL;
@ -1343,6 +1345,7 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
cfg->bt_max_sync_conn = CONFIG_BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_EFF; cfg->bt_max_sync_conn = CONFIG_BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_EFF;
cfg->magic = ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL; cfg->magic = ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL;
read_mac_wrapper(own_bda);
if (((cfg->mode & ESP_BT_MODE_BLE) && (cfg->ble_max_conn <= 0 || cfg->ble_max_conn > BTDM_CONTROLLER_BLE_MAX_CONN_LIMIT)) if (((cfg->mode & ESP_BT_MODE_BLE) && (cfg->ble_max_conn <= 0 || cfg->ble_max_conn > BTDM_CONTROLLER_BLE_MAX_CONN_LIMIT))
|| ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_acl_conn <= 0 || cfg->bt_max_acl_conn > BTDM_CONTROLLER_BR_EDR_MAX_ACL_CONN_LIMIT)) || ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_acl_conn <= 0 || cfg->bt_max_acl_conn > BTDM_CONTROLLER_BR_EDR_MAX_ACL_CONN_LIMIT))
|| ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_sync_conn > BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_LIMIT))) { || ((cfg->mode & ESP_BT_MODE_CLASSIC_BT) && (cfg->bt_max_sync_conn > BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_LIMIT))) {
@ -1611,6 +1614,11 @@ esp_bt_controller_status_t esp_bt_controller_get_status(void)
return btdm_controller_status; return btdm_controller_status;
} }
uint8_t* esp_bt_get_mac(void)
{
return own_bda;
}
/* extra functions */ /* extra functions */
esp_err_t esp_ble_tx_power_set(esp_ble_power_type_t power_type, esp_power_level_t power_level) esp_err_t esp_ble_tx_power_set(esp_ble_power_type_t power_type, esp_power_level_t power_level)
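Review bot: The new `esp_bt_get_mac()` returns a writable pointer to the controller-private `own_bda`, so any caller can overwrite the very address that btm_sec_conn_req compares against for the same-BD_ADDR rejection; declare it `const uint8_t *esp_bt_get_mac(void)` (with the same qualifier on the prototype in esp_bt.h) or copy into a caller-supplied buffer instead. `own_bda` is only populated by the `read_mac_wrapper(own_bda)` call inside esp_bt_controller_init and its result is not checked there, so before init (or if the read can fail) the getter returns an all-zero address; the header comment should say the value is valid only after a successful esp_bt_controller_init(), and if read_mac_wrapper reports failure that should propagate rather than leave a zero address in place. The bare `6` in `static uint8_t own_bda[6];` should use the stack's named address-length constant so it cannot drift from `sizeof (BD_ADDR)` used by the caller. esp_bt_controller_init starts and ends outside its hunk.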


@ -331,6 +331,12 @@ esp_err_t esp_bt_controller_disable(void);
*/ */
esp_bt_controller_status_t esp_bt_controller_get_status(void); esp_bt_controller_status_t esp_bt_controller_get_status(void);
/**
* @brief Get BT MAC address.
* @return Array pointer of length 6 storing MAC address value.
*/
uint8_t* esp_bt_get_mac(void);
/** @brief esp_vhci_host_callback /** @brief esp_vhci_host_callback
* used for vhci call host function to notify what host need to do * used for vhci call host function to notify what host need to do
*/ */