Multiple networks use different IV Index's, so we should only use decryption cache after successful decoding. --- mesh/net-keys.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mesh/net-keys.c b/mesh/net-keys.c index 84e3982f5..1a2b590eb 100644 --- a/mesh/net-keys.c +++ b/mesh/net-keys.c @@ -216,7 +216,8 @@ uint32_t net_key_decrypt(uint32_t iv_index, const uint8_t *pkt, size_t len, if (iv_pkt != iv_flag) iv_index--; - if (cache_len == len && memcmp(pkt, cache_pkt, len) == 0) + /* If we already successfully decrypted this packet, use cached data */ + if (cache_id && cache_len == len && !memcmp(pkt, cache_pkt, len)) goto done; cache_id = 0; @@ -228,6 +229,7 @@ uint32_t net_key_decrypt(uint32_t iv_index, const uint8_t *pkt, size_t len, l_queue_foreach(keys, decrypt_net_pkt, NULL); done: + /* IV Index must match what was used to decrypt */ if (cache_iv_index != iv_index) return 0; -- 2.14.5
