1.1 --- a/src/pEpEngine.h	Tue Oct 18 20:57:54 2016 +0200
     1.2 +++ b/src/pEpEngine.h	Tue Oct 18 21:47:38 2016 +0200
     1.3 @@ -89,6 +89,7 @@
     1.4      PEP_STATEMACHINE_INVALID_EVENT                  = 0x0983,
     1.5      PEP_STATEMACHINE_INVALID_CONDITION              = 0x0984,
     1.6      PEP_STATEMACHINE_INVALID_ACTION                 = 0x0985,
     1.7 +    PEP_STATEMACHINE_INHIBITED_EVENT                = 0x0986,
     1.8  
     1.9      PEP_COMMIT_FAILED                               = 0xff01,
    1.10      PEP_MESSAGE_CONSUMED                            = 0xff02,

     2.1 --- a/src/pEp_internal.h	Tue Oct 18 20:57:54 2016 +0200
     2.2 +++ b/src/pEp_internal.h	Tue Oct 18 21:47:38 2016 +0200
     2.3 @@ -142,6 +142,8 @@
     2.4      // key sync
     2.5      DeviceState_state sync_state;
     2.6      char sync_uuid[37];
     2.7 +    time_t LastCannotDecrypt;
     2.8 +    time_t LastUpdateRequest;
     2.9  
    2.10      // runtime config
    2.11  

     3.1 --- a/src/sync_impl.c	Tue Oct 18 20:57:54 2016 +0200
     3.2 +++ b/src/sync_impl.c	Tue Oct 18 21:47:38 2016 +0200
     3.3 @@ -14,6 +14,9 @@
     3.4  #define SYNC_VERSION_MAJOR 1
     3.5  #define SYNC_VERSION_MINOR 0
     3.6  
     3.7 +#define SYNC_INHIBIT_TIME (60*10)
     3.8 +#define SYNC_MSG_EXPIRE_TIME (60 * 10)
     3.9 +
    3.10  struct _sync_msg_t {
    3.11      bool is_a_message;
    3.12      union {
    3.13 @@ -49,34 +52,20 @@
    3.14  
    3.15          switch (msg->payload.present) {
    3.16              case DeviceGroup_Protocol__payload_PR_beacon:
    3.17 -                partner = Identity_to_Struct(&msg->header.me, NULL);
    3.18 -                if (!partner){
    3.19 -                    status = PEP_OUT_OF_MEMORY;
    3.20 -                    ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.21 -                    goto error;
    3.22 -                }
    3.23                  event = Beacon;
    3.24                  break;
    3.25  
    3.26              case DeviceGroup_Protocol__payload_PR_handshakeRequest:
    3.27 -                partner = Identity_to_Struct(&msg->header.me, NULL);
    3.28 -                if (!partner){
    3.29 -                    status = PEP_OUT_OF_MEMORY;
    3.30 -                    ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.31 -                    goto error;
    3.32 -                }
    3.33 +                event = HandshakeRequest;
    3.34 +                break;
    3.35  
    3.36 -                event = HandshakeRequest;
    3.37 +            case DeviceGroup_Protocol__payload_PR_updateRequest:
    3.38 +                event = UpdateRequest;
    3.39                  break;
    3.40  
    3.41              case DeviceGroup_Protocol__payload_PR_groupKeys:
    3.42              case DeviceGroup_Protocol__payload_PR_groupUpdate:
    3.43 -                partner = Identity_to_Struct(&msg->header.me, NULL);
    3.44 -                if (!partner){
    3.45 -                    status = PEP_OUT_OF_MEMORY;
    3.46 -                    ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.47 -                    goto error;
    3.48 -                }
    3.49 +            {
    3.50                  identity_list *group_keys = IdentityList_to_identity_list(
    3.51                          msg->payload.present == 
    3.52                            DeviceGroup_Protocol__payload_PR_groupKeys ?
    3.53 @@ -84,7 +73,6 @@
    3.54                              &msg->payload.choice.groupUpdate.ownIdentities,
    3.55                          NULL);
    3.56                  if (!group_keys) {
    3.57 -                    free_identity(partner);
    3.58                      status = PEP_OUT_OF_MEMORY;
    3.59                      ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.60                      goto error;
    3.61 @@ -94,12 +82,20 @@
    3.62                            DeviceGroup_Protocol__payload_PR_groupKeys ?
    3.63                              GroupKeys : GroupUpdate;
    3.64                  break;
    3.65 +            }
    3.66  
    3.67              default:
    3.68                  status = PEP_SYNC_ILLEGAL_MESSAGE;
    3.69                  ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.70                  goto error;
    3.71          }
    3.72 +
    3.73 +        partner = Identity_to_Struct(&msg->header.me, NULL);
    3.74 +        if (!partner){
    3.75 +            status = PEP_OUT_OF_MEMORY;
    3.76 +            ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
    3.77 +            goto error;
    3.78 +        }
    3.79      }
    3.80      else{
    3.81          partner = sync_msg->u.event.partner;
    3.82 @@ -107,6 +103,30 @@
    3.83          event = sync_msg->u.event.event;
    3.84      }
    3.85  
    3.86 +    // Event inhibition, to limit mailbox and prevent cycles
    3.87 +    time_t *last = NULL;
    3.88 +    switch(event){
    3.89 +        case CannotDecrypt:
    3.90 +            last = &session->LastCannotDecrypt;
    3.91 +            break;
    3.92 +
    3.93 +        case UpdateRequest:
    3.94 +            last = &session->LastUpdateRequest;
    3.95 +            break;
    3.96 +
    3.97 +        default:
    3.98 +            break;
    3.99 +    }
   3.100 +    time_t now = time(NULL);
   3.101 +    if(last != NULL){
   3.102 +        if(*last != 0 && (*last + SYNC_INHIBIT_TIME) > now ){
   3.103 +            free_identity(partner);
   3.104 +            status = PEP_STATEMACHINE_INHIBITED_EVENT;
   3.105 +            goto error;
   3.106 +        }
   3.107 +        *last = now;
   3.108 +    }
   3.109 +
   3.110      // partner identity must be explicitely added DB to later
   3.111      // be able to communicate securely with it.
   3.112      if(partner){
   3.113 @@ -227,9 +247,6 @@
   3.114      return status;
   3.115  }
   3.116  
   3.117 -// Ten minutes
   3.118 -#define SYNC_MSG_EXPIRE_DELTA (60 * 10)
   3.119 -
   3.120  PEP_STATUS receive_DeviceState_msg(
   3.121      PEP_SESSION session, 
   3.122      message *src, 
   3.123 @@ -266,7 +283,7 @@
   3.124  
   3.125                  // check message expiry 
   3.126                  if(src->recv) {
   3.127 -                    time_t expiry = timegm(src->recv) + SYNC_MSG_EXPIRE_DELTA;
   3.128 +                    time_t expiry = timegm(src->recv) + SYNC_MSG_EXPIRE_TIME;
   3.129                      time_t now = time(NULL);
   3.130                      if(expiry != 0 && now != 0 && expiry < now){
   3.131                          expired = true;
   3.132 @@ -323,14 +340,12 @@
   3.133                              break;
   3.134                          }
   3.135                          case DeviceGroup_Protocol__payload_PR_groupUpdate:
   3.136 +                        case DeviceGroup_Protocol__payload_PR_updateRequest:
   3.137 +                        {
   3.138                              // inject message but don't consume it, so 
   3.139                              // that other group members can also be updated
   3.140                              force_keep_msg = true;
   3.141                              
   3.142 -                            // no break
   3.143 -
   3.144 -                        case DeviceGroup_Protocol__payload_PR_updateRequest:
   3.145 -                        {
   3.146                              if (!keylist || rating < PEP_rating_reliable){
   3.147                                  discarded = true;
   3.148                                  goto free_all;