From 6409462a9643531218b4085385806779f7a22fd8 Mon Sep 17 00:00:00 2001
From: Nicolas Werner <nicolas.werner@hotmail.de>
Date: Fri, 30 Jul 2021 03:31:29 +0200
Subject: [PATCH] Rate limit olm session creation

---
 src/Olm.cpp | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/Olm.cpp b/src/Olm.cpp
index d20bf9a4..d421e336 100644
--- a/src/Olm.cpp
+++ b/src/Olm.cpp
@@ -1138,9 +1138,23 @@ send_encrypted_to_device_messages(const std::map<std::string, std::vector<std::s
 
                         auto session = cache::getLatestOlmSession(device_curve);
                         if (!session || force_new_session) {
-                                claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519;
-                                pks[user][device].ed25519          = d.keys.at("ed25519:" + device);
-                                pks[user][device].curve25519 = d.keys.at("curve25519:" + device);
+                                static QMap<QPair<std::string, std::string>, qint64> rateLimit;
+                                auto currentTime = QDateTime::currentSecsSinceEpoch();
+                                if (rateLimit.value(QPair(user, device)) + 60 * 60 * 10 <
+                                    currentTime) {
+                                        claims.one_time_keys[user][device] =
+                                          mtx::crypto::SIGNED_CURVE25519;
+                                        pks[user][device].ed25519 = d.keys.at("ed25519:" + device);
+                                        pks[user][device].curve25519 =
+                                          d.keys.at("curve25519:" + device);
+
+                                        rateLimit.insert(QPair(user, device), currentTime);
+                                } else {
+                                        nhlog::crypto()->warn("Not creating new session with {}:{} "
+                                                              "because of rate limit",
+                                                              user,
+                                                              device);
+                                }
                                 continue;
                         }