X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=a99e1d617e7fe675b7cf57819a063fec4719f279;hp=baf9eac188f4ca909417fd6ad00278352d3f87ff;hb=cd854fa86a9dc177dcaa56fa774afb127b29651a;hpb=93584bc1cad7c7cc9c95859a8cde548bc18b6fa8

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index baf9eac1..a99e1d61 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -47,6 +47,7 @@
 
 #include "ed25519/sha512.h"
 
+int invitation_lifetime;
 ecdsa_t *invitation_key = NULL;
 
 static bool send_proxyrequest(connection_t *c) {
@@ -232,6 +233,18 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 		return false;
 	}
 
+	// Check the timestamp of the invitation
+	struct stat st;
+	if(stat(usedname, &st)) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat %s", usedname);
+		return false;
+	}
+
+	if(st.st_mtime + invitation_lifetime < now.tv_sec) {
+		logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s tried to use expired invitation %s", c->hostname, cookie);
+		return false;
+	}
+
 	// Open the renamed file
 	FILE *f = fopen(usedname, "r");
 	if(!f) {