From: Vladimír Čunát Date: Tue, 24 Jul 2018 16:02:12 +0000 (+0200) Subject: daemon/tls session tickets: avoid bad scheduling cycles X-Git-Tag: v2.4.1~8^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8b0b0287872a35906eac9f5ce7e156e5cb4e1c5;p=thirdparty%2Fknot-resolver.git daemon/tls session tickets: avoid bad scheduling cycles This should fix #385: possible floods with > scheduling rotation check in 0 ms
---
diff --git a/NEWS b/NEWS
index a2fea9e34..a2f7ee585 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+Bugfixes
+--------
+- TLS session resumption: avoid bad scheduling of rotation (#385)
+
+
 Knot Resolver 2.4.0 (2018-07-03)
 ================================
diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 9c7acbb18..ff1471b7d 100644
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -207,7 +207,8 @@ static void tst_key_check(uv_timer_t *timer, bool force_update)
 const time_t tv_sec_next = (epoch + 1) * TST_KEY_LIFETIME;
 const uint64_t ms_until_second = 1000 - (now.tv_usec + 501) / 1000;
 const uint64_t remain_ms = (tv_sec_next - now.tv_sec - 1) * (uint64_t)1000
- + ms_until_second;
+ + ms_until_second + 1;
+ /* ^ +1 because we don't want to wake up half a millisecond before the epoch! */
 assert(remain_ms < (TST_KEY_LIFETIME + 1 /*rounding tolerance*/) * 1000);
 kr_log_verbose("[tls] session ticket: epoch %"PRIu64
 ", scheduling rotation check in %"PRIu64" ms\n",
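Review bot: The comment on the added `+ ms_until_second + 1;` line explains the rounding but not the invariant the fix relies on: `remain_ms` can no longer evaluate to 0, which is what stops the re-arm flood from #385. An early wake-up is presumably still possible for other reasons (a `uv_timer_t` is armed against libuv's cached loop time, while `now` appears to be a wall-clock reading), so the comment should say that such a wake-up now costs one extra check at least 1 ms later rather than a busy cycle. Something like `/* +1: ms_until_second rounds to nearest, so without it we could wake ~0.5 ms early and re-arm with 0 ms (#385); remain_ms is now always >= 1 */` would do. Ticket-key rotation is security-relevant, so the invariant is worth recording next to the arithmetic. The body of tst_key_check starts before and continues past the hunk, so the re-arm call itself was not visible.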