crypto: Clamp the rotation period ms so users can't wedge E2E.

Users may set a very small rotation period this might mean that a
session might expire by the time it's shared ending up in a loop where
we constantly need to share a group session yet never manage to send a
message.
This commit is contained in:
Damir Jelić 2020-08-21 12:46:11 +02:00
parent 9fe23227af
commit aee40977a3

View file

@ -13,6 +13,7 @@
// limitations under the License.
use std::{
cmp::min,
convert::TryInto,
fmt,
sync::{
@ -406,7 +407,11 @@ impl OutboundGroupSession {
let count = self.message_count.load(Ordering::SeqCst);
count >= self.settings.rotation_period_msgs
|| self.creation_time.elapsed() >= self.settings.rotation_period
|| self.creation_time.elapsed()
// Since the encryption settings are provided by users and not
// checked someone could set a really low rotation perdiod so
// clamp it at a minute.
>= min(self.settings.rotation_period, Duration::from_secs(3600))
}
/// Mark the session as shared.