ike-sa: Avoid possible integer underflow when scheduling reauth after rekeying
If the reauthentication is scheduled while rekeying, the difference might be negative, however, schedule_job() takes an unsigned int, so the reauth would get scheduled very far in the future.
This commit is contained in:
parent
20dfbcad08
commit
97857eaa12
|
@ -2982,7 +2982,7 @@ METHOD(ike_sa_t, inherit_post, void,
|
|||
time_t reauth, delete, now = time_monotonic(NULL);
|
||||
|
||||
this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH];
|
||||
reauth = this->stats[STAT_REAUTH] - now;
|
||||
reauth = max(0, this->stats[STAT_REAUTH] - now);
|
||||
delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg);
|
||||
this->stats[STAT_DELETE] = this->stats[STAT_REAUTH] + delete;
|
||||
DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, "
|
||||
|
|
Loading…
Reference in New Issue