From: Andrzej Ostruszka <amo@semihalf.com>
Date: Thu, 15 Dec 2022 15:54:06 +0000 (+0100)
Subject: wpa_supplicant: Handle MAC address randomization changes for same ESS
X-Git-Tag: hostap_2_11~1367
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bdbb6e0035aef62422403b8ecba6acc9aa20e53e;p=thirdparty%2Fhostap.git

wpa_supplicant: Handle MAC address randomization changes for same ESS

When MAC address randomization settings change we should use a new MAC
address even if we are associating to the same ESS.

For example, consider this scenario:
- hardware MAC is being used,
- we disconnect from the network,
- policy/style is changed via D-Bus to turn randomization on,
- we reconnect to the same network.

In the last step a randomized MAC address should be used.

Changes to the randomization settings include both changes to the
policy/style to be used and changes to the pregenerated MAC address
value in case of mac_addr==3.

Signed-off-by: Andrzej Ostruszka <amo@semihalf.com>
---

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 536442462..370668a30 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2237,15 +2237,24 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
 	u8 addr[ETH_ALEN];
 
 	os_get_reltime(&now);
-	if (wpa_s->last_mac_addr_style == style &&
-	    /* Pregenerated addresses do not expire */
-	    wpa_s->last_mac_addr_style != 3 &&
-	    wpa_s->last_mac_addr_change.sec != 0 &&
-	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
-				wpa_s->conf->rand_addr_lifetime)) {
-		wpa_msg(wpa_s, MSG_DEBUG,
-			"Previously selected random MAC address has not yet expired");
-		return 0;
+	/* Random addresses are valid within a given ESS so check
+	 * expiration/value only when continuing to use the same ESS. */
+	if (wpa_s->last_mac_addr_style == style && wpa_s->reassoc_same_ess) {
+		if (style == 3) {
+			/* Pregenerated addresses do not expire but their value
+			 * might have changed, so let's check that. */
+			if (os_memcmp(wpa_s->own_addr, ssid->mac_value,
+				      ETH_ALEN) == 0)
+				return 0;
+		} else if (wpa_s->last_mac_addr_change.sec != 0 &&
+			   !os_reltime_expired(
+				   &now,
+				   &wpa_s->last_mac_addr_change,
+				   wpa_s->conf->rand_addr_lifetime)) {
+			wpa_msg(wpa_s, MSG_DEBUG,
+				"Previously selected random MAC address has not yet expired");
+			return 0;
+		}
 	}
 
 	switch (style) {
@@ -2289,7 +2298,7 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style,
 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
 		MAC2STR(addr));
 
-	return 0;
+	return 1;
 }
 
 
@@ -2436,10 +2445,13 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
 	wpa_s_setup_sae_pt(wpa_s->conf, ssid);
 #endif /* CONFIG_SAE */
 
-	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
-		if (wpas_update_random_addr(wpa_s, rand_style, ssid) < 0)
+	if (rand_style > 0) {
+		int status = wpas_update_random_addr(wpa_s, rand_style, ssid);
+
+		if (status < 0)
 			return;
-		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+		if (status > 0) /* MAC changed */
+			wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
 			return;