From 4e66a2d436e0e79043eb5c06acf16bf585e361bd Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Wed, 28 Nov 2018 15:53:13 +0000
Subject: [PATCH] Don't re-establish sessions with unknown devices

as it won't work
---
 src/crypto/index.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/crypto/index.js b/src/crypto/index.js
index bcc5105e74f..d36f449aa4d 100644
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -1453,19 +1453,26 @@ Crypto.prototype._onToDeviceBadEncrypted = async function(event) {
         );
         return;
     }
-    this._lastNewSessionForced[sender][deviceKey] = Date.now();
 
     // establish a new olm session with this device since we're failing to decrypt messages
     // on a current session.
     // Note that an undecryptable message from another device could easily be spoofed -
     // is there anything we can do to mitigate this?
     const device = this._deviceList.getDeviceByIdentityKey(algorithm, deviceKey);
+    if (!device) {
+        logger.info(
+            "Couldn't find device for identity key " + deviceKey +
+            ": not re-establishing session",
+        );
+    }
     const devicesByUser = {};
     devicesByUser[sender] = [device];
     await olmlib.ensureOlmSessionsForDevices(
         this._olmDevice, this._baseApis, devicesByUser, true,
     );
 
+    this._lastNewSessionForced[sender][deviceKey] = Date.now();
+
     // Now send a blank message on that session so the other side knows about it.
     // (The keyshare request is sent in the clear so that won't do)
     // We send this first such that, as long as the toDevice messages arrive in the