From bef39b72834173e969efc6cee10145300a3af94c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 14 Nov 2013 23:16:43 +0100 Subject: Ensure sessions are invalidated before the nonce wraps While it isn't realistic for the nonce to wrap in less than one hour, it's better to check for this. --- src/methods/common.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'src/methods') diff --git a/src/methods/common.h b/src/methods/common.h index 0769a6c..6be32e9 100644 --- a/src/methods/common.h +++ b/src/methods/common.h @@ -51,6 +51,9 @@ bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_ static inline bool fastd_method_session_common_is_valid(fastd_context_t *ctx, const fastd_method_common_t *session) { + if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff && session->send_nonce[COMMON_NONCEBYTES-2] == 0xff) + return false; + return (timespec_after(&session->valid_till, &ctx->now)); } @@ -59,7 +62,13 @@ static inline bool fastd_method_session_common_is_initiator(const fastd_method_c } static inline bool fastd_method_session_common_want_refresh(fastd_context_t *ctx, const fastd_method_common_t *session) { - return fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after); + if (session->send_nonce[COMMON_NONCEBYTES-1] == 0xff) + return true; + + if (fastd_method_session_common_is_initiator(session) && timespec_after(&ctx->now, &session->refresh_after)) + return true; + + return false; } static inline void fastd_method_session_common_superseded(fastd_context_t *ctx, fastd_method_common_t *session) { -- cgit v1.2.3