Commit 759331d7 authored by Johan Hedberg's avatar Johan Hedberg

Bluetooth: Fix clearing SMP keys if pairing fails

If SMP fails we should not leave any keys (LTKs or IRKs) hanging around
the internal lists. This patch adds the necessary code to
smp_chan_destroy to remove any keys we may have in case of pairing
failure.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent fe39c7b2
...@@ -589,6 +589,24 @@ void smp_chan_destroy(struct l2cap_conn *conn) ...@@ -589,6 +589,24 @@ void smp_chan_destroy(struct l2cap_conn *conn)
complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags); complete = test_bit(SMP_FLAG_COMPLETE, &smp->smp_flags);
mgmt_smp_complete(conn->hcon, complete); mgmt_smp_complete(conn->hcon, complete);
/* If pairing failed clean up any keys we might have */
if (!complete) {
if (smp->ltk) {
list_del(&smp->ltk->list);
kfree(smp->ltk);
}
if (smp->slave_ltk) {
list_del(&smp->slave_ltk->list);
kfree(smp->slave_ltk);
}
if (smp->remote_irk) {
list_del(&smp->remote_irk->list);
kfree(smp->remote_irk);
}
}
kfree(smp); kfree(smp);
conn->smp_chan = NULL; conn->smp_chan = NULL;
conn->hcon->smp_conn = NULL; conn->hcon->smp_conn = NULL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment