From cb817ec9156e3b1c3d1e266c8963d08fbf54da61 Mon Sep 17 00:00:00 2001 From: Shen Wei Long Date: Mon, 18 Aug 2025 13:23:18 +0000 Subject: [PATCH] fix(bt): check bd address only for bredr in bluedroid host l2cu_allocate_lcb() (cherry picked from commit 61c13ef8495537923dc179952d94e80cf4ae6902) Co-authored-by: Shen Weilong --- components/bt/host/bluedroid/stack/l2cap/l2c_utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c index e4bf8a081d..64ebcbd436 100644 --- a/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c +++ b/components/bt/host/bluedroid/stack/l2cap/l2c_utils.c @@ -67,7 +67,8 @@ tL2C_LCB *l2cu_allocate_lcb (BD_ADDR p_bd_addr, BOOLEAN is_bonding, tBT_TRANSPOR /* Check if peer device's and our BD_ADDR is same or not. It should be different to avoid 'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) vulnerability. */ - if (memcmp((uint8_t *)p_bd_addr, (uint8_t *)&controller_get_interface()->get_address()->address, sizeof (BD_ADDR)) == 0) { + if ((transport == BT_TRANSPORT_BR_EDR) && + (memcmp((uint8_t *)p_bd_addr, (uint8_t *)&controller_get_interface()->get_address()->address, sizeof (BD_ADDR)) == 0)) { L2CAP_TRACE_ERROR ("%s connection rejected due to same BD ADDR", __func__); return (NULL); }