[UBUNTU OEM-6.0 1/1] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

[Thadeu Lima de Souza Cascardo]

From: Luiz Augusto von Dentz <luiz.von.dentz at intel.com>

l2cap_global_chan_by_psm shall not return fixed channels as they are not
meant to be connected by (S)PSM.

Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz at intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an at intel.com>
(cherry picked from commit f937b758a188d6fd328a81367087eddbb2fce50f)
CVE-2022-42896
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
 net/bluetooth/l2cap_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 6402edcacdcb..9fdede5fe71c 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1990,7 +1990,7 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
 		if (link_type == LE_LINK && c->src_type == BDADDR_BREDR)
 			continue;
 
-		if (c->psm == psm) {
+		if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) {
 			int src_match, dst_match;
 			int src_any, dst_any;
 
-- 
2.34.1