From d9d66a590bf4cf8dadc99abb7379212903c10e32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20Storr=C3=B8?= <anders.storro@nordicsemi.no>
Date: Wed, 28 Feb 2024 14:38:12 +0100
Subject: [PATCH] Bluetooth: Mesh: Prevent duplicate cdb appkeys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes issue where it is possible to store the same appkey
multiple times in CDB implementation.

Signed-off-by: Anders Storrø <anders.storro@nordicsemi.no>
---
 include/zephyr/bluetooth/mesh/cdb.h |  6 ++++--
 subsys/bluetooth/mesh/cdb.c         | 22 +++++++++++++++-------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/zephyr/bluetooth/mesh/cdb.h b/include/zephyr/bluetooth/mesh/cdb.h
index 8ea35ec2e55aae..9b7fbf4af79684 100644
--- a/include/zephyr/bluetooth/mesh/cdb.h
+++ b/include/zephyr/bluetooth/mesh/cdb.h
@@ -249,7 +249,8 @@ void bt_mesh_cdb_node_foreach(bt_mesh_cdb_node_func_t func, void *user_data);
  *
  *  @param net_idx NetIdx of the subnet.
  *
- *  @return The new subnet or NULL if it cannot be allocated.
+ *  @return The new subnet or NULL if it cannot be allocated due to
+ *          lack of resources or the subnet has been already allocated.
  */
 struct bt_mesh_cdb_subnet *bt_mesh_cdb_subnet_alloc(uint16_t net_idx);
 
@@ -328,7 +329,8 @@ int bt_mesh_cdb_subnet_key_export(const struct bt_mesh_cdb_subnet *sub, int key_
  *  @param net_idx NetIdx of NetKey that the application key is bound to.
  *  @param app_idx AppIdx of the application key.
  *
- *  @return The new application key or NULL if it cannot be allocated.
+ *  @return The new application key or NULL if it cannot be allocated due to
+ *          lack of resources or the key has been already allocated.
  */
 struct bt_mesh_cdb_app_key *bt_mesh_cdb_app_key_alloc(uint16_t net_idx,
 						      uint16_t app_idx);
diff --git a/subsys/bluetooth/mesh/cdb.c b/subsys/bluetooth/mesh/cdb.c
index 2735c269798109..33c9601807c285 100644
--- a/subsys/bluetooth/mesh/cdb.c
+++ b/subsys/bluetooth/mesh/cdb.c
@@ -94,6 +94,7 @@ struct bt_mesh_cdb bt_mesh_cdb = {
 	},
 	.app_keys = {
 		[0 ... (CONFIG_BT_MESH_CDB_APP_KEY_COUNT - 1)] = {
+			.app_idx = BT_MESH_KEY_UNUSED,
 			.net_idx = BT_MESH_KEY_UNUSED,
 		}
 	},
@@ -1024,26 +1025,32 @@ int bt_mesh_cdb_node_key_export(const struct bt_mesh_cdb_node *node, uint8_t out
 	return bt_mesh_key_export(out, &node->dev_key);
 }
 
-struct bt_mesh_cdb_app_key *bt_mesh_cdb_app_key_alloc(uint16_t net_idx,
-						      uint16_t app_idx)
+struct bt_mesh_cdb_app_key *bt_mesh_cdb_app_key_alloc(uint16_t net_idx, uint16_t app_idx)
 {
 	struct bt_mesh_cdb_app_key *key;
+	struct bt_mesh_cdb_app_key *vacant_key = NULL;
 	int i;
 
 	for (i = 0; i < ARRAY_SIZE(bt_mesh_cdb.app_keys); ++i) {
 		key = &bt_mesh_cdb.app_keys[i];
 
-		if (key->net_idx != BT_MESH_KEY_UNUSED) {
+		if (key->app_idx == app_idx) {
+			return NULL;
+		}
+
+		if (key->net_idx != BT_MESH_KEY_UNUSED || vacant_key) {
 			continue;
 		}
 
-		key->net_idx = net_idx;
-		key->app_idx = app_idx;
+		vacant_key = key;
+	}
 
-		return key;
+	if (vacant_key) {
+		vacant_key->net_idx = net_idx;
+		vacant_key->app_idx = app_idx;
 	}
 
-	return NULL;
+	return vacant_key;
 }
 
 void bt_mesh_cdb_app_key_del(struct bt_mesh_cdb_app_key *key, bool store)
@@ -1055,6 +1062,7 @@ void bt_mesh_cdb_app_key_del(struct bt_mesh_cdb_app_key *key, bool store)
 	}
 
 	key->net_idx = BT_MESH_KEY_UNUSED;
+	key->app_idx = BT_MESH_KEY_UNUSED;
 	bt_mesh_key_destroy(&key->keys[0].app_key);
 	bt_mesh_key_destroy(&key->keys[1].app_key);
 	memset(key->keys, 0, sizeof(key->keys));