From: Jakub Witowski <jakub.witowski@xxxxxxxxxxx>
---
 mesh/crypto.c | 3 +++
 mesh/mesh-config-json.c | 16 ++++++++++++++--
 mesh/net.c | 9 +++++++++
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/mesh/crypto.c b/mesh/crypto.c
index 8ea906ac9..596a289f9 100644
--- a/mesh/crypto.c
+++ b/mesh/crypto.c
@@ -637,6 +637,9 @@ bool mesh_crypto_packet_build(bool ctl, uint8_t ttl,
 uint32_t hdr;
 size_t n;
 
+ if (seq > SEQ_MASK)
+ return false;
+
 l_put_be32(seq, packet + 1);
 packet[1] = (ctl ? CTL : 0) | (ttl & TTL_MASK);
 
diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 755caab0e..5855149e3 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -40,6 +40,7 @@
 #include "mesh/mesh-defs.h"
 #include "mesh/util.h"
 #include "mesh/mesh-config.h"
+#include "mesh/net.h"
 
 /* To prevent local node JSON cache thrashing, minimum update times */
 #define MIN_SEQ_CACHE_TRIGGER 32
@@ -365,7 +366,7 @@ static bool read_seq_number(json_object *jobj, uint32_t *seq_number)
 if (!val && errno == EINVAL)
 return false;
 
- if (val < 0 || val > 0xffffff)
+ if (val < 0 || val > SEQ_MASK + 1)
 return false;
 
 *seq_number = (uint32_t) val;
@@ -2019,10 +2020,21 @@ bool mesh_config_write_seq_number(struct mesh_config *cfg, uint32_t seq,
 if (cached < seq + MIN_SEQ_CACHE_VALUE)
 cached = seq + MIN_SEQ_CACHE_VALUE;
 
- l_debug("Seq Cache: %d -> %d", seq, cached);
+ /* Cap the seq cache maximum to fixed out-of-range value.
+ * If daemon restarts with out-of-range value, no packets
+ * are to be sent until IV Update procedure completes.
+ */
+ if (cached > SEQ_MASK)
+ cached = SEQ_MASK + 1;
 
 cfg->write_seq = seq;
 
+ /* Don't rewrite NVM storage if unchanged */
+ if (value == (int) cached)
+ return true;
+
+ l_debug("Seq Cache: %d -> %d", seq, cached);
+
 if (!write_int(cfg->jnode, "sequenceNumber", cached))
 return false;
 
diff --git a/mesh/net.c b/mesh/net.c
index f0f0dbdbd..35388beec 100644
--- a/mesh/net.c
+++ b/mesh/net.c
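Review bot: The new `if (seq > SEQ_MASK) return false;` guard in mesh_crypto_packet_build (mesh/crypto.c) carries no comment, and the reason it matters is not obvious from the check alone. The two context lines below it store all 32 bits of seq at `packet + 1` and then overwrite `packet[1]` with the CTL/TTL byte, so before this change a value above SEQ_MASK was silently truncated to 24 bits and would have gone out as a sequence number that had already been used. I would put `/* SEQ is 24 bits on the wire; refuse rather than truncate and repeat an earlier sequence number */` above the check. The function body starts and ends outside the hunk, so whether every caller handles the new false return cannot be confirmed from here.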
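Review bot: In read_seq_number (mesh/mesh-config-json.c) the new bound `val > SEQ_MASK + 1` deliberately accepts one value above the 24-bit range, which reads as an off-by-one to anyone who has not also seen the cap in mesh_config_write_seq_number. A comment above the check, such as `/* SEQ_MASK + 1 is the stored marker for an exhausted sequence space; anything larger means a corrupt file */`, would document the intent next to the validation of data read back from storage. The start of the function, including the declaration of val, is outside the hunk.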
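Review bot: The added early return `if (value == (int) cached) return true;` in mesh_config_write_seq_number reads `value`, which is declared and assigned above the hunk. If any path reaches this line without `value` having been filled in (for instance when the stored number could not be read), the comparison uses an indeterminate value and the write can be skipped when it should not be, leaving a stale sequence number on disk for the next restart. Initialising it at the declaration to something a cached value can never equal, e.g. `int value = -1;`, would make the skip safe; this needs checking against the part of the function not shown here. Separately, the moved `l_debug("Seq Cache: %d -> %d", seq, cached);` passes the `uint32_t seq` parameter to `%d`, where `%u` matches the type.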
@@ -511,6 +511,15 @@ uint32_t mesh_net_next_seq_num(struct mesh_net *net)
 {
 uint32_t seq = net->seq_num++;
 
+ /* Cap out-of-range seq_num max value to +1. Out of range
+ * seq_nums will not be sent as they would violate spec.
+ * This condition signals a runaway seq_num condition, and
+ * the node must wait for a completed IV Index update procedure
+ * before it can send again.
+ */
+ if (net->seq_num > SEQ_MASK)
+ net->seq_num = SEQ_MASK + 1;
+
 node_set_sequence_number(net->node, net->seq_num);
 return seq;
 }
-- 
2.21.1
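Review bot: mesh_net_next_seq_num still returns `seq` unchecked, so once net->seq_num has saturated at SEQ_MASK + 1 every later call hands the caller an out-of-range value, and the only thing that stops transmission is the separate check added to mesh_crypto_packet_build. That coupling should be stated on the function itself, for example `/* May return SEQ_MASK + 1 once the sequence space is exhausted; callers must not transmit with that value */`, so a future send path that bypasses the packet builder does not reuse or truncate it. The saturated state is also silent: nothing is logged when the cap is first hit, so an operator sees a node that has stopped sending with no indication why, and a one-time warning on the transition would help diagnosis.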