Bluedroid: Do not initiate/accept connection with device having same BDADDR.

Added BD_ADDR comparison in l2cu_lcp_allocate and removed check from security connection request handler as it's handled in l2cu_lcp_allocate for both connection request and create connection.
2025-09-25 01:37:22 +00:00 · 2021-02-03 18:55:17 +05:30
parent 5596f37af1
commit fb3a382fe4
2 changed files with 11 additions and 9 deletions
--- a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c
+++ b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c
@@ -58,6 +58,17 @@ tL2C_LCB *l2cu_allocate_lcb (BD_ADDR p_bd_addr, BOOLEAN is_bonding, tBT_TRANSPOR
    if(p_lcb != NULL) {
        list_ret = true;
    }
+
+#if (CLASSIC_BT_INCLUDED == TRUE)
+    /* Check if peer device's and our BD_ADDR is same or not. It
+       should be different to avoid 'Impersonation in the Pin Pairing
+       Protocol' (CVE-2020-26555) vulnerability. */
+    if (memcmp((uint8_t *)p_bd_addr, (uint8_t *)&controller_get_interface()->get_address()->address, sizeof (BD_ADDR)) == 0) {
+        L2CAP_TRACE_ERROR ("%s connection rejected due to same BD ADDR", __func__);
+        return (NULL);
+    }
+#endif
+
    if(p_lcb == NULL && list_length(l2cb.p_lcb_pool) < MAX_L2CAP_LINKS) {
        p_lcb = (tL2C_LCB *)osi_malloc(sizeof(tL2C_LCB));
 	    if (p_lcb) {