From: Dmitriy Alexandrov <d06alexandrov@gmail.com>
Date: Mon, 14 Nov 2022 10:09:52 +0000 (+0400)
Subject: child-cfg: Fix apply_jitter() in case jitter is bigger than rekey value
X-Git-Tag: 5.9.9rc1~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4508656151009a8e3bb83ae60b25d14556aa543;p=thirdparty%2Fstrongswan.git

child-cfg: Fix apply_jitter() in case jitter is bigger than rekey value

Also avoid returning 0 and disabling rekeying in the rare case of
`jitter = rekey` and the `1/jitter` chance of that happening (returning
1 at least doesn't disable rekeying).

Co-authored-by: Tobias Brunner <tobias@strongswan.org>

Closes strongswan/strongswan#1414
---

diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index bc9cff7129..837495c59e 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -435,7 +435,7 @@ static uint64_t apply_jitter(uint64_t rekey, uint64_t jitter)
 		return rekey;
 	}
 	jitter = (jitter == UINT64_MAX) ? jitter : jitter + 1;
-	return rekey - jitter * (random() / (RAND_MAX + 1.0));
+	return rekey - (uint64_t)(min(jitter, rekey) * (random() / (RAND_MAX + 1.0)));
 }
 #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter)