ENGINE-121 #comment Keep (i.e. do not consume) updateRequests until expiry. Added an inhibit time on some events to prevent re-uptake of updateRequests and cannotDecrypt, which otherwise loop and flood the mailbox.
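--- a/src/pEpEngine.h
+++ b/src/pEpEngine.h
@@ -89,6 +89,7 @@
 PEP_STATEMACHINE_INVALID_EVENT = 0x0983,
 PEP_STATEMACHINE_INVALID_CONDITION = 0x0984,
 PEP_STATEMACHINE_INVALID_ACTION = 0x0985,
+PEP_STATEMACHINE_INHIBITED_EVENT = 0x0986,
 
 PEP_COMMIT_FAILED = 0xff01,
 PEP_MESSAGE_CONSUMED = 0xff02,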
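Review bot: `PEP_STATEMACHINE_INHIBITED_EVENT` is added without a comment, and unlike its `PEP_STATEMACHINE_INVALID_*` neighbours it signals a deliberately suppressed repeat of an event rather than malformed input, so a caller that treats the whole `PEP_STATEMACHINE_*` range as failures will log or retry it. Document that on the line, e.g. `// event dropped because one of the same type was handled less than SYNC_INHIBIT_TIME ago; not a failure`. The enum that contains it starts and ends outside this hunk.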
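--- a/src/pEp_internal.h
+++ b/src/pEp_internal.h
@@ -142,6 +142,8 @@
 // key sync
 DeviceState_state sync_state;
 char sync_uuid[37];
+time_t LastCannotDecrypt;
+time_t LastUpdateRequest;
 
 // runtime config
 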
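Review bot: The consumer of `LastCannotDecrypt` and `LastUpdateRequest` in sync_impl.c treats a value of 0 as "never seen", so both fields must be zero when the session is created, and that initialisation is not part of this diff — if the session object is calloc'd this already holds, otherwise set them explicitly where `sync_state` is initialised. A comment would pin the contract, e.g. `// timestamps of the last inhibited sync events; 0 = never`. The new names also break the snake_case convention of the surrounding members (`sync_state`, `sync_uuid`); `last_cannot_decrypt` and `last_update_request` would match. The struct that holds them starts and ends outside this hunk.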
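--- a/src/sync_impl.c
+++ b/src/sync_impl.c
@@ -14,6 +14,9 @@
 #define SYNC_VERSION_MAJOR 1
 #define SYNC_VERSION_MINOR 0
 
+#define SYNC_INHIBIT_TIME (60*10)
+#define SYNC_MSG_EXPIRE_TIME (60 * 10)
+
 struct _sync_msg_t {
 bool is_a_message;
 union {
@@ -49,34 +52,20 @@
 
 switch (msg->payload.present) {
 case DeviceGroup_Protocol__payload_PR_beacon:
-partner = Identity_to_Struct(&msg->header.me, NULL);
-if (!partner){
-status = PEP_OUT_OF_MEMORY;
-ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
-goto error;
-}
 event = Beacon;
 break;
 
 case DeviceGroup_Protocol__payload_PR_handshakeRequest:
-partner = Identity_to_Struct(&msg->header.me, NULL);
-if (!partner){
-status = PEP_OUT_OF_MEMORY;
-ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
-goto error;
-}
+event = HandshakeRequest;
+break;
 
-event = HandshakeRequest;
+case DeviceGroup_Protocol__payload_PR_updateRequest:
+event = UpdateRequest;
 break;
 
 case DeviceGroup_Protocol__payload_PR_groupKeys:
 case DeviceGroup_Protocol__payload_PR_groupUpdate:
-partner = Identity_to_Struct(&msg->header.me, NULL);
-if (!partner){
-status = PEP_OUT_OF_MEMORY;
-ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
-goto error;
-}
+{
 identity_list *group_keys = IdentityList_to_identity_list(
 msg->payload.present ==
 DeviceGroup_Protocol__payload_PR_groupKeys ?
@@ -84,7 +73,6 @@
 &msg->payload.choice.groupUpdate.ownIdentities,
 NULL);
 if (!group_keys) {
-free_identity(partner);
 status = PEP_OUT_OF_MEMORY;
 ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
 goto error;
@@ -94,12 +82,20 @@
 DeviceGroup_Protocol__payload_PR_groupKeys ?
 GroupKeys : GroupUpdate;
 break;
+}
 
 default:
 status = PEP_SYNC_ILLEGAL_MESSAGE;
 ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
 goto error;
 }
+
+partner = Identity_to_Struct(&msg->header.me, NULL);
+if (!partner){
+status = PEP_OUT_OF_MEMORY;
+ASN_STRUCT_FREE(asn_DEF_DeviceGroup_Protocol, msg);
+goto error;
+}
 }
 else{
 partner = sync_msg->u.event.partner;
@@ -107,6 +103,30 @@
 event = sync_msg->u.event.event;
 }
 
+// Event inhibition, to limit mailbox and prevent cycles
+time_t *last = NULL;
+switch(event){
+case CannotDecrypt:
+last = &session->LastCannotDecrypt;
+break;
+
+case UpdateRequest:
+last = &session->LastUpdateRequest;
+break;
+
+default:
+break;
+}
+time_t now = time(NULL);
+if(last != NULL){
+if(*last != 0 && (*last + SYNC_INHIBIT_TIME) > now ){
+free_identity(partner);
+status = PEP_STATEMACHINE_INHIBITED_EVENT;
+goto error;
+}
+*last = now;
+}
+
 // partner identity must be explicitely added DB to later
 // be able to communicate securely with it.
 if(partner){
@@ -227,9 +247,6 @@
 return status;
 }
 
-// Ten minutes
-#define SYNC_MSG_EXPIRE_DELTA (60 * 10)
-
 PEP_STATUS receive_DeviceState_msg(
 PEP_SESSION session,
 message *src,
@@ -266,7 +283,7 @@
 
 // check message expiry
 if(src->recv) {
-time_t expiry = timegm(src->recv) + SYNC_MSG_EXPIRE_DELTA;
+time_t expiry = timegm(src->recv) + SYNC_MSG_EXPIRE_TIME;
 time_t now = time(NULL);
 if(expiry != 0 && now != 0 && expiry < now){
 expired = true;
@@ -323,14 +340,12 @@
 break;
 }
 case DeviceGroup_Protocol__payload_PR_groupUpdate:
+case DeviceGroup_Protocol__payload_PR_updateRequest:
+{
 // inject message but don't consume it, so
 // that other group members can also be updated
 force_keep_msg = true;
 
-// no break
-
-case DeviceGroup_Protocol__payload_PR_updateRequest:
-{
 if (!keylist || rating < PEP_rating_reliable){
 discarded = true;
 goto free_all;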
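Review bot: The inhibited branch added in the `@@ -107,6 +103,30 @@` hunk calls `free_identity(partner)` on both input paths, but on the event path `partner` is `sync_msg->u.event.partner`, a pointer this function did not allocate, so whatever releases `sync_msg` after the `error` label may free it a second time; confirm who owns that identity before the `free_identity` is kept for the event path. The window is also keyed on event type alone (`session->LastUpdateRequest`, `session->LastCannotDecrypt`), not on the sending partner, so one UpdateRequest suppresses every other device's request for `SYNC_INHIBIT_TIME` — if that trade-off is intended, state it in the comment, e.g. `// Inhibition is per event type, not per partner: one UpdateRequest or CannotDecrypt suppresses all others for SYNC_INHIBIT_TIME`. `time(NULL)` is used unchecked in that hunk while the expiry check in `receive_DeviceState_msg` guards `now != 0`; a failed `time()` would make the window arithmetic meaningless, so mirror that guard with `if(last != NULL && now != 0){`. The removed `// Ten minutes` comment should travel to the two new defines in the first hunk, which are equal but not documented as related. The function holding the inhibition code starts before its first hunk and its `error` label lies outside the shown hunks.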