authorPavlin Radoslavov <pavlin@google.com>2017-07-07 01:48:40 -0700
committerAndreas Blaesius <skate4life@gmx.de>2017-09-17 22:11:31 +0200
commita7a928be2e1071f0476d71f545111d1086dde816 (patch)
tree85e5849efe5b1073cba5f49f22918ab154af3533
parent5a439513c7001b77a63e6910189e3dcc1539ee1e (diff)
Disable PAN Reverse Tethering when connection originated by the Remote
* Check for valid interactions between the three PAN profile roles per Table 1 in PAN Profile v1.0 spec. * Explicitly disable connections to the local PANU if the remote is not PANU. Bug: 63145701 Test: External script Change-Id: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a Merged-In: I29a7e404ba7e4453b6a7c59148a2b3eb7395303a (cherry picked from commit 9aea2c2f92dd5245f6b35d564ce8e471fec2b4ec) CVE-2017-0783
-rw-r--r--stack/pan/pan_main.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/stack/pan/pan_main.c b/stack/pan/pan_main.c
index 2afcd6abe..b5e5339c8 100644
--- a/stack/pan/pan_main.c
+++ b/stack/pan/pan_main.c
@@ -222,6 +222,42 @@ void pan_conn_ind_cb (UINT16 handle,
return;
}
+ /* Check for valid interactions between the three PAN profile roles */
+ /*
+ * For reference, see Table 1 in PAN Profile v1.0 spec.
+ * Note: the remote is the initiator.
+ */
+ bool is_valid_interaction = false;
+ switch (remote_uuid->uu.uuid16)
+ {
+ case UUID_SERVCLASS_NAP:
+ case UUID_SERVCLASS_GN:
+ if (local_uuid->uu.uuid16 == UUID_SERVCLASS_PANU)
+ is_valid_interaction = true;
+ break;
+ case UUID_SERVCLASS_PANU:
+ is_valid_interaction = true;
+ break;
+ }
+ /*
+ * Explicitly disable connections to the local PANU if the remote is
+ * not PANU.
+ */
+ if ((local_uuid->uu.uuid16 == UUID_SERVCLASS_PANU) &&
+ (remote_uuid->uu.uuid16 != UUID_SERVCLASS_PANU))
+ {
+ is_valid_interaction = false;
+ }
+ if (!is_valid_interaction)
+ {
+ PAN_TRACE_ERROR(
+ "PAN Connection failed because of invalid PAN profile roles "
+ "interaction: Remote UUID 0x%x Local UUID 0x%x",
+ remote_uuid->uu.uuid16, local_uuid->uu.uuid16);
+ BNEP_ConnectResp(handle, BNEP_CONN_FAILED_SRC_UUID);
+ return;
+ }
+
/* Requested destination role is */
if (local_uuid->uu.uuid16 == UUID_SERVCLASS_PANU)
req_role = PAN_ROLE_CLIENT;
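Review bot: The `UUID_SERVCLASS_NAP`/`UUID_SERVCLASS_GN` arm of the switch can never leave `is_valid_interaction` true, because it sets the flag only when the local role is PANU and the `if` that follows clears it for exactly that combination; the net policy of the added code is "accept only when the remote UUID is PANU". Since that override is the check that actually rejects a remote-initiated connection to the local PANU, its comment should say so, for example `/* Security: this override is what rejects NAP/GN -> local PANU; it is not redundant with the switch above. */`, so a later cleanup does not drop it and silently re-enable the path. The switch also has no `default:` arm and relies on the initial `false`; an explicit `default: break;` would make the reject-by-default intent visible. The body of pan_conn_ind_cb starts and ends outside the hunk, so whether the UUID lengths are validated before `uu.uuid16` is read cannot be confirmed from here.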