From cff545720ecd41f9fb56752bf22ef8fde0e237e1 Mon Sep 17 00:00:00 2001 From: Kevin Lund Date: Thu, 11 Jun 2020 14:11:19 -0700 Subject: [PATCH] wpa_supplicant: Clear blacklist when SSID configs change If the stored configurations for an SSID have changed, we can no longer trust the current blacklist state of that SSID, since the updated configs could change the behavior of the network. E.g., the BSS could be blacklisted due to a bad password, and the config could be updated to store the correct password. In this case, keeping the BSS in the blacklist will prevent the user from connecting to the BSS after the correct password has been updated. Add the value was_changed_recently to the wpa_ssid struct. Update this value every time a config is changed through wpa_set_config(). Check this value in wpa_blacklist_get() to clear the blacklist whenever the configs of current_ssid have changed. This solution was chosen over simply clearing the blacklist whenever configs change because the user should be able to change configs on an inactive SSID without affecting the blacklist for the currently active SSID. This way, the blacklist won't be cleared until the user attempts to connect to the inactive network again. Furthermore, the blacklist is stored per-BSSID while configs are stored per-SSID, so we don't have the option to just clear out certain blacklist entries that would be affected by the configs. Finally, the function wpa_supplicant_reload_configuration() causes the configs to be reloaded from scratch, so after a call to this function all bets are off as to the relevance of our current blacklist state. Thus, we clear the entire blacklist within this function. Signed-off-by: Kevin Lund Signed-off-by: Brian Norris --- wpa_supplicant/blacklist.c | 7 +++++++ wpa_supplicant/config.c | 1 + wpa_supplicant/config_ssid.h | 9 +++++++++ wpa_supplicant/wpa_supplicant.c | 1 + 4 files changed, 18 insertions(+) diff --git a/wpa_supplicant/blacklist.c b/wpa_supplicant/blacklist.c index fa2ad11ee..2f326444b 100644 --- a/wpa_supplicant/blacklist.c +++ b/wpa_supplicant/blacklist.c @@ -26,6 +26,13 @@ struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s, if (wpa_s == NULL || bssid == NULL) return NULL; + if (wpa_s->current_ssid && + wpa_s->current_ssid->was_recently_reconfigured) { + wpa_blacklist_clear(wpa_s); + wpa_s->current_ssid->was_recently_reconfigured = false; + return NULL; + } + wpa_blacklist_update(wpa_s); e = wpa_s->blacklist; diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 8e79cab20..e3c12d8b3 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -3142,6 +3142,7 @@ int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, } ret = -1; } + ssid->was_recently_reconfigured = true; return ret; } diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 2c08c0218..ff9cdf4f6 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -1137,6 +1137,15 @@ struct wpa_ssid { * 2 = disable SAE-PK (allow SAE authentication only without SAE-PK) */ enum sae_pk_mode sae_pk; + + /** + * was_recently_reconfigured - Whether this SSID config has been changed + * recently + * + * This is an internally used variable, i.e., not used in external + * configuration. + */ + bool was_recently_reconfigured; }; #endif /* CONFIG_SSID_H */ diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 30fb04786..3404f7d01 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1189,6 +1189,7 @@ int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s) wpa_s->reassociate = 1; wpa_supplicant_req_scan(wpa_s, 0, 0); } + wpa_blacklist_clear(wpa_s); wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed"); return 0; }