crypto: Clamp the rotation period ms so users can't wedge E2E.
Users may set a very small rotation period this might mean that a session might expire by the time it's shared ending up in a loop where we constantly need to share a group session yet never manage to send a message.
This commit is contained in:
parent
9fe23227af
commit
aee40977a3
1 changed files with 6 additions and 1 deletions
|
@ -13,6 +13,7 @@
|
|||
// limitations under the License.
|
||||
|
||||
use std::{
|
||||
cmp::min,
|
||||
convert::TryInto,
|
||||
fmt,
|
||||
sync::{
|
||||
|
@ -406,7 +407,11 @@ impl OutboundGroupSession {
|
|||
let count = self.message_count.load(Ordering::SeqCst);
|
||||
|
||||
count >= self.settings.rotation_period_msgs
|
||||
|| self.creation_time.elapsed() >= self.settings.rotation_period
|
||||
|| self.creation_time.elapsed()
|
||||
// Since the encryption settings are provided by users and not
|
||||
// checked someone could set a really low rotation perdiod so
|
||||
// clamp it at a minute.
|
||||
>= min(self.settings.rotation_period, Duration::from_secs(3600))
|
||||
}
|
||||
|
||||
/// Mark the session as shared.
|
||||
|
|
Loading…
Reference in a new issue