From fb55f9f39742562853fe0e8ed3d9c7b9ff5b8d61 Mon Sep 17 00:00:00 2001 From: Chinmay Chhajed Date: Fri, 28 May 2021 14:28:54 +0530 Subject: [PATCH] Bluedroid: Check only x component of passkey to avoid passkey impersonation attack. --- components/bt/host/bluedroid/stack/smp/smp_act.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/components/bt/host/bluedroid/stack/smp/smp_act.c b/components/bt/host/bluedroid/stack/smp/smp_act.c index 0ff45ad4aa..21ddc886ec 100644 --- a/components/bt/host/bluedroid/stack/smp/smp_act.c +++ b/components/bt/host/bluedroid/stack/smp/smp_act.c @@ -764,8 +764,7 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) /* Check if the peer device's and own public key are not same. If they are same then * return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry * protocol' vulnerability (CVE-2020-26558).*/ - if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0) && - (memcmp(p_cb->loc_publ_key.y, p_cb->peer_publ_key.y, sizeof(BT_OCTET32)) == 0)) { + if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0)) { p_cb->status = SMP_PAIR_AUTH_FAIL; p_cb->failure = SMP_PAIR_AUTH_FAIL; reason = SMP_PAIR_AUTH_FAIL;