From c8b0b0287872a35906eac9f5ce7e156e5cb4e1c5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Tue, 24 Jul 2018 18:02:12 +0200
Subject: [PATCH] daemon/tls session tickets: avoid bad scheduling cycles
This should fix #385: possible floods with > scheduling rotation check in 0 ms
---
 NEWS | 5 +++++
 daemon/tls_session_ticket-srv.c | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index a2fea9e34..a2f7ee585 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+Bugfixes
+--------
+- TLS session resumption: avoid bad scheduling of rotation (#385)
+
+
 Knot Resolver 2.4.0 (2018-07-03)
 ================================
 
diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 9c7acbb18..ff1471b7d 100644
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -207,7 +207,8 @@ static void tst_key_check(uv_timer_t *timer, bool force_update)
 const time_t tv_sec_next = (epoch + 1) * TST_KEY_LIFETIME;
 const uint64_t ms_until_second = 1000 - (now.tv_usec + 501) / 1000;
 const uint64_t remain_ms = (tv_sec_next - now.tv_sec - 1) * (uint64_t)1000
- + ms_until_second;
+ + ms_until_second + 1;
+ /* ^ +1 because we don't want to wake up half a millisecond before the epoch! */
 assert(remain_ms < (TST_KEY_LIFETIME + 1 /*rounding tolerance*/) * 1000);
 kr_log_verbose("[tls] session ticket: epoch %"PRIu64
 ", scheduling rotation check in %"PRIu64" ms\n",
-- 
2.47.2
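Review bot: The `+ 1` on the `remain_ms` line only offsets the round-to-nearest in `ms_until_second`, so an early wake-up of the ticket-key rotation timer still looks possible. `now` appears to be a wall-clock reading, while libuv arms `uv_timer_t` timers against its cached millisecond loop time, which can lag behind it. The rest of `tst_key_check` is outside this hunk, so please confirm that a wake-up landing before the epoch boundary just re-arms without rotating; with the new minimum of 1 ms that would no longer be a 0 ms loop. The only bound on `remain_ms` is the `assert`, which vanishes under NDEBUG, and an oversized delay would silently postpone session-ticket key rotation, so a runtime clamp to the key lifetime may be worth adding. I would also spell out the rounding in the comment, e.g. `/* ms_until_second is rounded to nearest and may be 0.5 ms short; +1 keeps the wake-up at or after the epoch boundary */`.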