feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'bugfix/bt_impersonation_passkey_fix_v4.0' into 'release/v4.0'

Browse Source 
Bluedroid: Check only x component of passkey to avoid passkey impersonation attack. (v4.0)

See merge request espressif/esp-idf!13898
This commit is contained in:
Island
2021-06-09 06:32:42 +00:00
parent bdbfdcdf5c e42479e129
commit 8ca5068f20
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
components/bt/host/bluedroid/stack/smp/smp_act.c
View File

@ -764,8 +764,7 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
/* Check if the peer device's and own public key are not same. If they are same then /* Check if the peer device's and own public key are not same. If they are same then
* return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry * return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry
* protocol' vulnerability (CVE-2020-26558).*/ * protocol' vulnerability (CVE-2020-26558).*/
if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0) && if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0)) {
(memcmp(p_cb->loc_publ_key.y, p_cb->peer_publ_key.y, sizeof(BT_OCTET32)) == 0)) {
p_cb->status = SMP_PAIR_AUTH_FAIL; p_cb->status = SMP_PAIR_AUTH_FAIL;
p_cb->failure = SMP_PAIR_AUTH_FAIL; p_cb->failure = SMP_PAIR_AUTH_FAIL;
reason = SMP_PAIR_AUTH_FAIL; reason = SMP_PAIR_AUTH_FAIL;