From c90faab4c0bfdaaacaeba9f033b197c6baa8cae4 Mon Sep 17 00:00:00 2001
From: mamoniot <mamoniot@protonmail.com>
Date: Wed, 28 Dec 2022 05:53:18 -0500
Subject: [PATCH] prevented minor attack

---
 zssp/src/counter.rs | 7 ++++++-
 zssp/src/zssp.rs    | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/zssp/src/counter.rs b/zssp/src/counter.rs
index 471007a42..a505bbc2c 100644
--- a/zssp/src/counter.rs
+++ b/zssp/src/counter.rs
@@ -64,6 +64,11 @@ impl CounterWindow {
             self.0[i].store(0, Ordering::SeqCst)
         }
     }
+    pub fn invalidate(&self) {
+        for i in 0..COUNTER_MAX_ALLOWED_OOO {
+            self.0[i].store(u32::MAX, Ordering::SeqCst)
+        }
+    }
 
     #[inline(always)]
     pub fn message_received(&self, received_counter_value: u32) -> bool {
@@ -75,7 +80,7 @@ impl CounterWindow {
 
     #[inline(always)]
     pub fn message_authenticated(&self, received_counter_value: u32) -> bool {
-        //if a valid message is received but one of its fragments was lost, it can technically be replayed. However since the message is incomplete, we know it still exists in  the gather array, so the gather array will deduplicate the replayed message. Even if the gather array gets flushed, that flush still effectively deduplicates the replayed message.
+        //if a valid message is received but one of its fragments was lost, it can technically be replayed. However since the message is incomplete, we know it still exists in the gather array, so the gather array will deduplicate the replayed message. Even if the gather array gets flushed, that flush still effectively deduplicates the replayed message.
         //eventually the counter of that kind of message will be too OOO to be accepted anymore so it can't be used to DOS.
         let idx = (received_counter_value % COUNTER_MAX_ALLOWED_OOO as u32) as usize;
         return self.0[idx].fetch_max(received_counter_value, Ordering::SeqCst) < received_counter_value;
diff --git a/zssp/src/zssp.rs b/zssp/src/zssp.rs
index b55cf8b3f..cc53c8cad 100644
--- a/zssp/src/zssp.rs
+++ b/zssp/src/zssp.rs
@@ -416,6 +416,8 @@ impl<Application: ApplicationLayer> Session<Application> {
                 .map_or(true, |o| (current_time - o.creation_time) > Application::REKEY_RATE_LIMIT_MS)
         {
             if let Some(remote_s_public) = P384PublicKey::from_bytes(&self.remote_s_public_p384_bytes) {
+                //mark the previous key as no longer being supported because it is about to be overwritten
+                self.receive_windows[(!current_key_id) as usize].invalidate();
                 let mut offer = None;
                 if send_ephemeral_offer(
                     &mut send,