From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 31 Jan 2013 17:42:26 +0000 (+0100)
Subject: Avoid returning COOKIEs right after system boot
X-Git-Tag: 5.0.3rc1~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68bfee4bc414b9b254dbe73cace5b6f5133ad0be;p=thirdparty%2Fstrongswan.git

Avoid returning COOKIEs right after system boot

When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
---

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index f683cf8183..6b2c2bf5b6 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this,
 		this->last_cookie = now;
 		return TRUE;
 	}
-	if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
+	if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
 	{
 		/* We don't disable cookies unless we haven't seen IKE_SA_INITs
 		 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between