Google Git
Sign in
android / platform / system / bt / e37d3b365a50638650cf1b9d9c0ed05e372a870f^! / .
commite37d3b365a50638650cf1b9d9c0ed05e372a870f[log] [tgz]
authorHansong Zhang <hsz@google.com>Mon Dec 07 13:11:10 2020 -0800
committerandroid-build-team Robot <android-build-team-robot@google.com>Tue Feb 09 01:24:46 2021 +0000
tree63a38dd8c24527b42ceb1c4de8da0df246d46898
parent045acf5c055b6cbe8d59a8e16cdade808517e931 [diff]
Legacy pairing: Reject device with same BD_ADDR

Change-Id: If3daec91c3d108a4e7e988608e0600c79ea5f053
Tag: #vulnerability
Test: manual
Bug: 174626251
(cherry picked from commit 374bb0401a5649af4a97e8d8c7373c7daf37f6ac)

diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc
index 5d7d0f9..bdda174 100644
--- a/stack/btm/btm_sec.cc
+++ b/stack/btm/btm_sec.cc

@@ -4674,6 +4674,13 @@
   VLOG(2) << __func__ << " BDA: " << p_bda
           << " state: " << btm_pair_state_descr(btm_cb.pairing_state);
 
+  RawAddress local_bd_addr = *controller_get_interface()->get_address();
+  if (p_bda == local_bd_addr) {
+    android_errorWriteLog(0x534e4554, "174626251");
+    btsnd_hcic_pin_code_neg_reply(p_bda);
+    return;
+  }
+
   if (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) {
     if ((p_bda == btm_cb.pairing_bda) &&
         (btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_AUTH_COMPLETE)) {