ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Avoid returning COOKIEs right after system boot 

When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
This commit is contained in:
Tobias Brunner 2013-01-31 18:42:26 +01:00
parent 2071dd63d6
commit 68bfee4bc4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libcharon/network/receiver.c
View File

@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this,
this->last_cookie = now;
return TRUE;
}
if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
{
/* We don't disable cookies unless we haven't seen IKE_SA_INITs
* for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between