File HOGP-must-only-accept-data-from-bonded-devices.patch of Package bluez.27456

From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001
From: Alain Michaud <alainm@chromium.org>
Date: Tue Mar 10 02:35:16 2020 +0000
Subject: [PATCH 1/2] HOGP must only accept data from bonded devices.

HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding.

Reference:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm
---
 profiles/input/hog.c | 4 ++++
 1 file changed, 4 insertions(+)

Index: bluez-5.13/profiles/input/hog.c
===================================================================
--- bluez-5.13.orig/profiles/input/hog.c
+++ bluez-5.13/profiles/input/hog.c
@@ -681,6 +681,10 @@ static void attio_connected_cb(GAttrib *
 
 	DBG("HoG connected");
 
+	/* HOGP 1.0 Section 6.1 requires bonding */
+	if (!device_is_bonded(hogdev->device) || !btd_device_is_connected(hogdev->device))
+		return -ECONNREFUSED;
+
 	hogdev->attrib = g_attrib_ref(attrib);
 
 	if (hogdev->reports == NULL) {

Places

File HOGP-must-only-accept-data-from-bonded-devices.patch of Package bluez.27456

Places