From: Hai Shalom
Date: Thu, 23 Apr 2020 22:13:27 +0000 (-0700)
Subject: Randomize GAS dialog token
X-Git-Tag: hostap_2_10~1396
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c54a5e96b505e0b7c4909b1a1259f9efc0b64722;p=thirdparty%2Fhostap.git

Randomize GAS dialog token

Randomize GAS dialog token field, instead of using an incremental counter with predictable values. This change will make this field unuseful for user fingerprinting.

Signed-off-by: Hai Shalom
---
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index 759b9b9cd..4b3fcfcfa 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -729,19 +729,24 @@ static void gas_query_tx_initial_req(struct gas_query *gas,
 static int gas_query_new_dialog_token(struct gas_query *gas, const u8 *dst)
 {
- static int next_start = 0;
- int dialog_token;
-
- for (dialog_token = 0; dialog_token < 256; dialog_token++) {
- if (gas_query_dialog_token_available(
- gas, dst, (next_start + dialog_token) % 256))
+ u8 dialog_token;
+ int i;
+
+ /* There should never be more than couple active GAS queries in
+ * progress, so it should be very likely to find an available dialog
+ * token by checking random values. Use a limit on the number of
+ * iterations to handle the unexpected case of large number of pending
+ * queries cleanly. */
+ for (i = 0; i < 256; i++) {
+ /* Get a random number and check if the slot is available */
+ if (os_get_random(&dialog_token, sizeof(dialog_token)) < 0)
 break;
+ if (gas_query_dialog_token_available(gas, dst, dialog_token))
+ return dialog_token;
 }
- if (dialog_token == 256)
- return -1; /* Too many pending queries */
- dialog_token = (next_start + dialog_token) % 256;
- next_start = (dialog_token + 1) % 256;
- return dialog_token;
+
+ /* No dialog token value available */
+ return -1;
 }
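Review bot: The `break` taken when `os_get_random()` fails and the case where all 256 draws miss both end at the same `return -1`, so neither the caller nor the debug log can tell an RNG failure from a shortage of free tokens. The closing comment `/* No dialog token value available */` also overstates what was checked, since 256 random draws can miss a free value when many tokens are already in use for `dst`. I would log the RNG failure before the `break`, e.g. `wpa_printf(MSG_DEBUG, "GAS: Failed to get random dialog token");`, and reword the final comment to `/* RNG failure, or no free dialog token found in 256 random draws */`. The fingerprinting benefit presumably also depends on each platform's `os_get_random()` being unpredictable, which is not visible in this hunk and is worth confirming for the non-default OS abstraction layers.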