
Bluedroid: Do not initiate/accept connection with device having same BDADDR.

Added BD_ADDR comparison in l2cu_allocate_lcb and removed the check from
the security connection request handler, as it is now handled in
l2cu_allocate_lcb for both connection request and create connection.
Chinmay Chhajed пре 5 година
родитељ
комит
ce21340dc5

+ 0 - 9
components/bt/host/bluedroid/stack/btm/btm_sec.c

@@ -2631,15 +2631,6 @@ void btm_sec_conn_req (UINT8 *bda, UINT8 *dc)
         return;
     }
 
-    /* Check if peer device's and our BD_ADDR is same or not. It
-       should be different to avoid 'Impersonation in the Pin Pairing
-       Protocol' (CVE-2020-26555) vulnerability. */
-    if (memcmp((uint8_t *)bda, (uint8_t *)&controller_get_interface()->get_address()->address, sizeof (BD_ADDR)) == 0) {
-        BTM_TRACE_ERROR ("Security Manager: connect request from device with same BD_ADDR");
-        btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE);
-        return;
-    }
-
     /* Security guys wants us not to allow connection from not paired devices */
 
     /* Check if connection is allowed for only paired devices */

+ 10 - 0
components/bt/host/bluedroid/stack/l2cap/l2c_utils.c

@@ -52,6 +52,16 @@ tL2C_LCB *l2cu_allocate_lcb (BD_ADDR p_bd_addr, BOOLEAN is_bonding, tBT_TRANSPOR
     int         xx;
     tL2C_LCB    *p_lcb = &l2cb.lcb_pool[0];
 
+#if (CLASSIC_BT_INCLUDED == TRUE)
+            /* Check if peer device's and our BD_ADDR is same or not. It
+               should be different to avoid 'Impersonation in the Pin Pairing
+               Protocol' (CVE-2020-26555) vulnerability. */
+            if (memcmp((uint8_t *)p_bd_addr, (uint8_t *)&controller_get_interface()->get_address()->address, sizeof (BD_ADDR)) == 0) {
+                L2CAP_TRACE_ERROR ("%s connection rejected due to same BD ADDR", __func__);
+                return (NULL);
+            }
+#endif
+
     for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
         if (!p_lcb->in_use) {
             btu_free_timer(&p_lcb->timer_entry);
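Review bot: The new early `return (NULL);` in l2cu_allocate_lcb makes the same-BD_ADDR rejection indistinguishable from "no free LCB" for callers, while the explicit `btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE);` was removed from btm_sec_conn_req in btm_sec.c. The callers are not visible in this hunk, so it should be confirmed that every incoming-connection path that gets NULL back still sends an HCI reject to the controller rather than leaving the request pending or reporting a resource error. A comment at the check would document that contract, for example `/* NULL here means the peer was refused (CVE-2020-26555), not pool exhaustion; callers must reject the HCI connection request. */`. The added block is also indented twelve spaces where the rest of the function body uses four, and the `(uint8_t *)` casts on the memcmp arguments are unnecessary. The function body continues past the end of the hunk.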