Skip to content

Fix iOS BLE mesh authentication issues in BLEService #998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jackjackbits merged 4 commits into from
Jan 28, 2026
Merged

Fix iOS BLE mesh authentication issues in BLEService #998

jackjackbits merged 4 commits into from
Jan 28, 2026

Conversation

@0x0v1
Copy link
Contributor

@0x0v1 0x0v1 commented Jan 28, 2026

  • Bind sender IDs to BLE connection UUIDs for peripherals and centrals to prevent spoofing
  • Enforce explicit RSR request/response validation and remove legacy TTL==0 RSR path
  • Remove TTL==0 unconditional acceptance for messages and file transfers
  • Ensure gossip sync caching only occurs after a packet is accepted
  • Preserve self‑sync TTL==0 dedup exception without weakening authentication

@0x0v1
Fix iOS BLE mesh authentication bypass chain in BLEService
af7a664 
- Bind sender IDs to BLE connection UUIDs for peripherals and centrals to prevent spoofing
- Enforce explicit RSR request/response validation and remove legacy TTL==0 RSR path
- Remove TTL==0 unconditional acceptance for messages and file transfers
- Ensure gossip sync caching only occurs after a packet is accepted
- Preserve self‑sync TTL==0 dedup exception without weakening authentication
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 28, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: af7a664685

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@0x0v1 0x0v1 changed the title Fix iOS BLE mesh authentication bypass chain in BLEService Fix iOS BLE mesh authentication issues in BLEService Jan 28, 2026
0x0v1 and others added 3 commits January 28, 2026 10:52
@0x0v1
fix: toctou in boundPeerID identified by codex
bbe1793
@jackjackbits
Merge branch 'main' into main
ef4bdb3
@jackjackbits @claude
fix: Remove unused variable and bump version to 1.5.1
e49116e 
- Remove unused messageType variable (compiler warning fix)
- Bump marketing version to 1.5.1

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@jackjackbits jackjackbits merged commit 74cf0d8 into permissionlesstech:main Jan 28, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@0x0v1 @jackjackbits