From b9f813fb4b7de1042370b529b9ccc036b208465b Mon Sep 17 00:00:00 2001
From: murilo ijanc
Date: Wed, 25 Mar 2026 14:22:21 -0300
Subject: Fix critical data integrity and security issues

- Atomic writes in store (write-to-temp + rename) to prevent corruption on crash
- Validate DHT results against requested content hash to reject forged data from malicious nodes
- Limit protocol line size to 128 KiB on Unix socket to prevent memory exhaustion
- Use saturating_add for TTL expiry to prevent u64 overflow
---
src/paste.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/paste.rs')
diff --git a/src/paste.rs b/src/paste.rs
index 50b32b1..8bfe979 100644
--- a/src/paste.rs
+++ b/src/paste.rs
@@ -81,7 +81,7 @@ impl Paste {
 .duration_since(std::time::UNIX_EPOCH)
 .unwrap_or_default()
 .as_secs();
- now > self.created_at + self.ttl_secs
+ now > self.created_at.saturating_add(self.ttl_secs)
 }
 }
-- cgit v1.2.3
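Review bot: With `saturating_add`, a `created_at + ttl_secs` that exceeds `u64::MAX` clamps to `u64::MAX`, so `now > ...` can never be true and such a paste never expires. That removes the overflow but turns an oversized TTL into "keep forever". If `ttl_secs` or `created_at` can be set by a peer or client (the code that fills them is not visible in this hunk), an upper bound on the TTL should be enforced where the paste is created or decoded. The behaviour should also be stated on the comparison, for example `// saturates to u64::MAX: an oversized TTL means the paste never expires; ttl_secs is bounded at creation/decoding`. Separately, the `unwrap_or_default()` in the context lines makes `now` zero when the clock reads before the Unix epoch, so every paste then looks unexpired; treating that error as expired would be the safer fallback. The enclosing function starts outside the hunk.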