diff --git a/Makefile b/Makefile index c2c6adc8..f814253e 100644 --- a/Makefile +++ b/Makefile @@ -108,6 +108,7 @@ $(SQLITE_OBJS): CFLAGS += \ -DSQLITE_MAX_LIKE_PATTERN_LENGTH=50 \ -DSQLITE_MAX_VARIABLE_NUMBER=100 \ -DSQLITE_MAX_TRIGGER_DEPTH=10 \ + -DSQLITE_SECURE_DELETE \ -Wno-implicit-fallthrough XOPT_SOURCES = deps/xopt/xopt.c diff --git a/src/ssb.c b/src/ssb.c index d509f88d..f5e8d309 100644 --- a/src/ssb.c +++ b/src/ssb.c @@ -54,6 +54,7 @@ typedef enum { enum { k_connections_changed_callbacks_max = 4, + k_tf_ssb_rpc_message_body_length_max = 8192, }; typedef struct _tf_ssb_broadcast_t tf_ssb_broadcast_t; @@ -190,7 +191,7 @@ static void _tf_ssb_connection_close(tf_ssb_connection_t* connection, const char return; } else if (connection->state == k_tf_ssb_state_verified || connection->state == k_tf_ssb_state_server_verified) { - printf("Connection %p is closing: %s.", connection, reason); + printf("Connection %p is closing: %s.\n", connection, reason); connection->state = k_tf_ssb_state_closing; _tf_ssb_connection_send_close(connection); } else { @@ -1092,7 +1093,7 @@ static bool _tf_ssb_connection_box_stream_recv(tf_ssb_connection_t* connection) } _tf_ssb_nonce_inc(connection->nonce); connection->body_len = htons(*(uint16_t*)header); - if (connection->body_len > 4096) { + if (connection->body_len > k_tf_ssb_rpc_message_body_length_max) { _tf_ssb_connection_close(connection, "body length is too large"); return false; } @@ -1106,10 +1107,10 @@ static bool _tf_ssb_connection_box_stream_recv(tf_ssb_connection_t* connection) } if (connection->body_len) { - uint8_t buf[16 + 4096]; + uint8_t buf[16 + k_tf_ssb_rpc_message_body_length_max]; memcpy(buf, connection->body_auth_tag, sizeof(connection->body_auth_tag)); if (_tf_ssb_connection_recv_pop(connection, buf + 16, connection->body_len)) { - uint8_t body[4096]; + uint8_t body[k_tf_ssb_rpc_message_body_length_max]; if (crypto_secretbox_open_easy(body, buf, 16 + connection->body_len, connection->nonce, connection->s_to_c_box_key) != 0) { _tf_ssb_connection_close(connection, "failed to open secret box"); return false; @@ -1493,6 +1494,7 @@ tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, sqlite3* db, const NULL, NULL, NULL); sqlite3_exec(ssb->db, "CREATE INDEX IF NOT EXISTS messages_author_id_index ON messages (author, id)", NULL, NULL, NULL); sqlite3_exec(ssb->db, "CREATE INDEX IF NOT EXISTS messages_author_sequence_index ON messages (author, sequence)", NULL, NULL, NULL); + sqlite3_exec(ssb->db, "CREATE INDEX IF NOT EXISTS messages_author_timestamp_index ON messages (author, timestamp)", NULL, NULL, NULL); sqlite3_exec(ssb->db, "CREATE TABLE IF NOT EXISTS blobs (" " id TEXT PRIMARY KEY,"