From 29814ee968c58b8d03731a614fbed3d741697fb2 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Jan 2024 12:24:00 +0200
Subject: [PATCH] Extend pmf_in_use() to be aware of affiliated links on non-AP
 MLD

The target MAC address needs to be checked against all the AP MLD link
addresses and the MLD MAC address to cover all possible cases. This is
needed to be able to correctly use Protected Dual of Public Action
frames during an ML association.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 wpa_supplicant/wpa_supplicant.c   | 13 ++++++++++---
 wpa_supplicant/wpa_supplicant_i.h |  1 +
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 134ba39c5..1697d4a1f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -8637,9 +8637,16 @@ bool wpas_is_sae_avoided(struct wpa_supplicant *wpa_s,
 int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
 {
 	if (wpa_s->current_ssid == NULL ||
-	    wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
-	    os_memcmp(addr, wpa_s->bssid, ETH_ALEN) != 0)
+	    wpa_s->wpa_state < WPA_4WAY_HANDSHAKE)
 		return 0;
+	if (wpa_s->valid_links) {
+		if (os_memcmp(addr, wpa_s->ap_mld_addr, ETH_ALEN) != 0 &&
+		    !wpas_ap_link_address(wpa_s, addr))
+			return 0;
+	} else {
+		if (os_memcmp(addr, wpa_s->bssid, ETH_ALEN) != 0)
+			return 0;
+	}
 	return wpa_sm_pmf_enabled(wpa_s->wpa);
 }
 
@@ -9311,7 +9318,7 @@ wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
 }
 
 
-static bool wpas_ap_link_address(struct wpa_supplicant *wpa_s, const u8 *addr)
+bool wpas_ap_link_address(struct wpa_supplicant *wpa_s, const u8 *addr)
 {
 	int i;
 
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 44e4416b1..3d4d21f19 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1989,5 +1989,6 @@ void wpas_pasn_auth_work_done(struct wpa_supplicant *wpa_s, int status);
 bool wpas_is_6ghz_supported(struct wpa_supplicant *wpa_s, bool only_enabled);
 
 bool wpa_is_non_eht_scs_traffic_desc_supported(struct wpa_bss *bss);
+bool wpas_ap_link_address(struct wpa_supplicant *wpa_s, const u8 *addr);
 
 #endif /* WPA_SUPPLICANT_I_H */