nimble/host: Fix MITM vulnerability during public key exchange in secure connection
diff --git a/nimble/host/src/ble_sm_sc.c b/nimble/host/src/ble_sm_sc.c
index 7fae5b1..162a4a2 100644
--- a/nimble/host/src/ble_sm_sc.c
+++ b/nimble/host/src/ble_sm_sc.c
@@ -612,6 +612,13 @@
}
cmd = (struct ble_sm_public_key *)(*om)->om_data;
+ /* Check if the peer public key is same as our generated public key.
+ * Return fail if the public keys match. */
+ if (memcmp(cmd, ble_sm_sc_pub_key, 64) == 0) {
+ res->enc_cb = 1;
+ res->sm_err = BLE_SM_ERR_AUTHREQ;
+ return;
+ }
ble_hs_lock();
proc = ble_sm_proc_find(conn_handle, BLE_SM_PROC_STATE_PUBLIC_KEY, -1,