From b32d6c355a95dd444b397e86c67bed92ead0f41d Mon Sep 17 00:00:00 2001 From: lly Date: Tue, 26 Oct 2021 15:16:55 +0800 Subject: [PATCH] ble_mesh: stack: Apply the errata E16350 from Bluetooth SIG --- components/bt/esp_ble_mesh/mesh_core/prov.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/components/bt/esp_ble_mesh/mesh_core/prov.c b/components/bt/esp_ble_mesh/mesh_core/prov.c index 9a4cef9bd4..dcc7a0daf0 100644 --- a/components/bt/esp_ble_mesh/mesh_core/prov.c +++ b/components/bt/esp_ble_mesh/mesh_core/prov.c @@ -840,6 +840,7 @@ static void prov_start(const uint8_t *data) static void send_confirm(void) { + uint8_t *local_conf = NULL; PROV_BUF(cfm, 17); BT_DBG("ConfInputs[0] %s", bt_hex(link.conf_inputs, 64)); @@ -872,13 +873,21 @@ static void send_confirm(void) prov_buf_init(&cfm, PROV_CONFIRM); + local_conf = net_buf_simple_add(&cfm, 16); + if (bt_mesh_prov_conf(link.conf_key, link.rand, link.auth, - net_buf_simple_add(&cfm, 16))) { + local_conf)) { BT_ERR("Unable to generate confirmation value"); prov_send_fail_msg(PROV_ERR_UNEXP_ERR); return; } + if (!memcmp(link.conf, local_conf, 16)) { + BT_ERR("Confirmation value is identical to ours, rejecting."); + prov_send_fail_msg(PROV_ERR_NVAL_FMT); + return; + } + if (prov_send(&cfm)) { BT_ERR("Unable to send Provisioning Confirm"); return;