Google Git
Sign in
zircon-guest / third_party / linux / be91967244bec4a0f1ca0f4a207764c554bfabc2
commitbe91967244bec4a0f1ca0f4a207764c554bfabc2[log] [tgz]
authorLuiz Augusto von Dentz <luiz.von.dentz@intel.com>Thu Oct 05 13:59:59 2023 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Oct 25 11:13:33 2023 +0200
treec06fed3ffd9b7c9e8326acdfa5554a038803346a
parentc3830fca233beab7f7928024c288a4ad5e32b00b [diff]
Bluetooth: hci_event: Fix using memcmp when comparing keys

commit b541260615f601ae1b5d6d0cc54e790de706303b upstream.

memcmp is not consider safe to use with cryptographic secrets:

 'Do  not  use memcmp() to compare security critical data, such as
 cryptographic secrets, because the required CPU time depends on the
 number of equal bytes.'

While usage of memcmp for ZERO_KEY may not be considered a security
critical data, it can lead to more usage of memcmp with pairing keys
which could introduce more security problems.

Fixes: 455c2ff0a558 ("Bluetooth: Fix BR/EDR out-of-band pairing with only initiator data")
Fixes: 33155c4aae52 ("Bluetooth: hci_event: Ignore NULL link key")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: c06fed3ffd9b7c9e8326acdfa5554a038803346a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README