author | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-14 23:16:43 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2013-11-14 23:16:43 +0100 |
commit | bef39b72834173e969efc6cee10145300a3af94c (patch) | |
tree | db967f3089ce21322d8a7beb1ae2badf67c82176 /src/methods | |
parent | b05b3f32354f7fe9cefee74ea18020fd8069bc10 (diff) | |
Ensure sessions are invalidated before the nonce wraps
While it isn't realistic for the nonce to wrap in less than one hour, it's
better to check for this.
Diffstat (limited to 'src/methods')
-rw-r--r-- | src/methods/common.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/methods/common.h b/src/methods/common.h
index 0769a6c..6be32e9 100644
--- a/src/methods/common.h
+++ b/src/methods/common.h
@@ -51,6 +51,9 @@ bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_
 
 
 static inline bool fastd_method_session_common_is_valid(fastd_context_t *ctx, const fastd_method_common_t *session) {
+ if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff && session->send_nonce[COMMON_NONCEBYTES-2] == 0xff)
+ return false;
+
 return (timespec_after(&session->valid_till, &ctx->now));
 }
 
@@ -59,7 +62,13 @@ static inline bool fastd_method_session_common_is_initiator(const fastd_method_c
 }
 
 static inline bool fastd_method_session_common_want_refresh(fastd_context_t *ctx, const fastd_method_common_t *session) {
- return fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after);
+ if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff)
+ return true;
+
+ if (fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after))
+ return true;
+
+ return false;
 }
 
 static inline void fastd_method_session_common_superseded(fastd_context_t *ctx, fastd_method_common_t *session) {
|
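Review bot: The new test in fastd_method_session_common_is_valid indexes send_nonce[COMMON_NONCEBYTES-1] and send_nonce[COMMON_NONCEBYTES-2] without stating the counter's byte order, so it is only correct if the highest indices hold the most significant bytes, which this hunk does not show. A comment above the test would pin that down, e.g. `/* send_nonce counts up from index 0 (confirm); reject the session once its two most significant bytes are saturated */`. The guard also prevents nonce reuse only if every send path consults this function before incrementing the nonce and encrypting; those call sites are outside the hunk and should be confirmed, because a nonce repeated under one session key would presumably undermine the guarantees of whichever cipher method consumes it. The indexing additionally assumes COMMON_NONCEBYTES is at least 2, which a compile-time check next to the definition would make explicit.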
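Review bot: The first branch of fastd_method_session_common_want_refresh returns true without the is_initiator test, so a responder whose top nonce byte reaches 0xff now requests a refresh as well, where previously only the initiator did. If callers rely on refresh being initiator-only (not visible here), both peers may start a handshake at the same time, or the responder's request may simply be dropped and the session run on until is_valid rejects it. Either document that this is intended, e.g. `/* nonce nearly exhausted: ask for a new session regardless of role */`, or confirm the caller handles a responder-side refresh. The 0xff threshold here and the two-byte 0xff threshold in fastd_method_session_common_is_valid together form the refresh-then-invalidate window, and naming both in one place would make that margin easier to audit.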