From 2e8cd0bff45e22890623c92708091f6b03c264d8 Mon Sep 17 00:00:00 2001
From: Lukasz Rymanowski <lukasz.rymanowski@tieto.com>
Date: Thu, 29 May 2014 15:49:35 +0200
Subject: [PATCH] android/gatt: Verify signature counter from remote

We will receive signature counter as a part of signature in att packet.
We shall verify if signature counter has value as expected otherwise
drop the message.
---
 android/gatt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/android/gatt.c b/android/gatt.c
index 66d622483..d11298fd9 100644
--- a/android/gatt.c
+++ b/android/gatt.c
@@ -5066,6 +5066,13 @@ static void write_signed_cmd_request(const uint8_t *cmd, uint16_t cmd_len,
 
 	if (len) {
 		uint8_t t[ATT_SIGNATURE_LEN];
+		uint32_t r_sign_cnt = get_le32(s);
+
+		if (r_sign_cnt != sign_cnt) {
+			error("gatt: sign_cnt does not match (%d!=%d)",
+							sign_cnt, r_sign_cnt);
+			return;
+		}
 
 		/* Generate signature and verify it */
 		if (!bt_crypto_sign_att(crypto, csrk, value, vlen, sign_cnt,
-- 
2.47.3