From 0754255c1f597beba3f9dae5c21f7c99e927918b Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Mon, 17 Jul 2023 21:08:26 -0400
Subject: [PATCH] drop incoming session from too old or from future routers

---
 libi2pd/NTCP2.cpp       | 11 +++++++++--
 libi2pd/SSU2Session.cpp | 11 +++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index 364ebe8e..fa852f92 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -695,12 +695,19 @@ namespace transport
 						SendTerminationAndTerminate (eNTCP2RouterInfoSignatureVerificationFail);
 						return;
 					}
-					if (i2p::util::GetMillisecondsSinceEpoch () > ri.GetTimestamp () + i2p::data::NETDB_MIN_EXPIRATION_TIMEOUT*1000LL) // 90 minutes
+					auto ts = i2p::util::GetMillisecondsSinceEpoch (); 
+					if (ts > ri.GetTimestamp () + i2p::data::NETDB_MIN_EXPIRATION_TIMEOUT*1000LL) // 90 minutes
 					{
-						LogPrint (eLogError, "NTCP2: RouterInfo is too old in SessionConfirmed");
+						LogPrint (eLogError, "NTCP2: RouterInfo is too old in SessionConfirmed for ", (ts - ri.GetTimestamp ())/1000LL, " seconds");
 						SendTerminationAndTerminate (eNTCP2Message3Error);
 						return;
 					}
+					if (ts + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri.GetTimestamp ()) // 2 minutes
+					{
+						LogPrint (eLogError, "NTCP2: RouterInfo is from future for ", (ri.GetTimestamp () - ts)/1000LL, " seconds");
+						SendTerminationAndTerminate (eNTCP2Message3Error);
+						return;
+					}	
 					auto addr = m_RemoteEndpoint.address ().is_v4 () ? ri.GetNTCP2V4Address () :
 						(i2p::util::net::IsYggdrasilAddress (m_RemoteEndpoint.address ()) ? ri.GetYggdrasilAddress () : ri.GetNTCP2V6Address ());
 					if (!addr || memcmp (m_Establisher->m_RemoteStaticKey, addr->s, 32))
diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp
index 23afd4c3..51c167ea 100644
--- a/libi2pd/SSU2Session.cpp
+++ b/libi2pd/SSU2Session.cpp
@@ -1053,6 +1053,17 @@ namespace transport
 			LogPrint (eLogError, "SSU2: SessionConfirmed malformed RouterInfo block");
 			return false;
 		}
+		auto ts = i2p::util::GetMillisecondsSinceEpoch();
+		if (ts > ri->GetTimestamp () + i2p::data::NETDB_MIN_EXPIRATION_TIMEOUT*1000LL) // 90 minutes
+		{
+			LogPrint (eLogError, "SSU2: RouterInfo in SessionConfirmed is too old for ", (ts - ri->GetTimestamp ())/1000LL, " seconds");
+			return false;
+		}	
+		if (ts + i2p::data::NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < ri->GetTimestamp ()) // 2 minutes
+		{
+			LogPrint (eLogError, "SSU2: RouterInfo in SessionConfirmed is from future for ", (ri->GetTimestamp () - ts)/1000LL, " seconds");
+			return false;
+		}	
 		m_Address = m_RemoteEndpoint.address ().is_v6 () ? ri->GetSSU2V6Address () : ri->GetSSU2V4Address ();
 		if (!m_Address || memcmp (S, m_Address->s, 32))
 		{