From c54a5e96b505e0b7c4909b1a1259f9efc0b64722 Mon Sep 17 00:00:00 2001
From: Hai Shalom
Date: Thu, 23 Apr 2020 15:13:27 -0700
Subject: [PATCH] Randomize GAS dialog token

Randomize GAS dialog token field, instead of using an incremental counter with predictable values. This change will make this field unuseful for user fingerprinting.
Signed-off-by: Hai Shalom
---
 wpa_supplicant/gas_query.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c
index 759b9b9cd..4b3fcfcfa 100644
--- a/wpa_supplicant/gas_query.c
+++ b/wpa_supplicant/gas_query.c
@@ -729,19 +729,24 @@ static void gas_query_tx_initial_req(struct gas_query *gas,
 static int gas_query_new_dialog_token(struct gas_query *gas, const u8 *dst)
 {
- static int next_start = 0;
- int dialog_token;
+ u8 dialog_token;
+ int i;
- for (dialog_token = 0; dialog_token < 256; dialog_token++) {
- if (gas_query_dialog_token_available(
- gas, dst, (next_start + dialog_token) % 256))
+ /* There should never be more than couple active GAS queries in
+ * progress, so it should be very likely to find an available dialog
+ * token by checking random values. Use a limit on the number of
+ * iterations to handle the unexpected case of large number of pending
+ * queries cleanly. */
+ for (i = 0; i < 256; i++) {
+ /* Get a random number and check if the slot is available */
+ if (os_get_random(&dialog_token, sizeof(dialog_token)) < 0)
 break;
+ if (gas_query_dialog_token_available(gas, dst, dialog_token))
+ return dialog_token;
 }
- if (dialog_token == 256)
- return -1; /* Too many pending queries */
- dialog_token = (next_start + dialog_token) % 256;
- next_start = (dialog_token + 1) % 256;
- return dialog_token;
+
+ /* No dialog token value available */
+ return -1;
 }
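Review bot: When `os_get_random()` fails, the loop breaks and the function returns -1 under the comment `/* No dialog token value available */`, so an entropy-source failure reaches the caller looking exactly like token exhaustion and leaves nothing in the log. Failing the query rather than falling back to a predictable value fits the anti-fingerprinting goal, but the two cases should be told apart: return directly from the failure branch after a debug message such as `wpa_printf(MSG_DEBUG, "GAS: Failed to get random dialog token");` and keep the final comment for the retries-exhausted case. Separately, 256 random probes are not an exhaustive scan as the removed loop was, so a free token can exist and still be missed when many queries are pending; the block comment calls this unlikely, and it would help to state that trade-off explicitly there.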