TimedSerializer accepts timestamps from the future

[dimaqq]

My team too was "hit" by #120 not having read the change log carefully enough.

Digging deeper, a colleague discovered that while (signs) 0.24 -> 1.1.0 (verifies) path is broken / requires a work-around, the 1.1.0 -> 0.24 path still kinda works.

It works by the virtue of 1.1.0 sending much larger timestamps (numerically), which are interpreted as being far in the future by 0.24. Thus true positives (recent messages) work, and false positives appear (1.1.0 outdated messages are interpreted as valid by 0.24).

This is because TimedSerializer/TimestampSigner only validate that message more recent than X.

I have a gut feeling that it's unsafe (although a point was made that since both sender and recipient are under control of same party, this is hard to exploit).

I think that validation should be message in interval [now, now+max_age), perhaps with affordance for clock drift / imperfect time synchronisation it would be [now - ε, now + max_age + ε)

[davidism]

I don't understand the change you're proposing. Could you provide a concrete example?

[dimaqq]

Current code, https://github.com/pallets/itsdangerous/blob/master/src/itsdangerous/timed.py#L90

            if age > max_age:
                raise SignatureExpired(...)

Proposed:

            if age > max_age or age < 0:
                raise SignatureExpired(...)