diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2015-05-20 13:13:40 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-25 09:15:57 +0200 |
commit | 163cf55909140ba7cd68d8dd37b854e5f83926f2 (patch) | |
tree | c94eb363082084f3564fdb8d04a2f6171f2ececa | |
parent | 36b1d6f3eb22f754eafa35cde60a7a3d1f1c5d32 (diff) | |
download | sssd-163cf55909140ba7cd68d8dd37b854e5f83926f2.tar.gz sssd-163cf55909140ba7cd68d8dd37b854e5f83926f2.tar.xz sssd-163cf55909140ba7cd68d8dd37b854e5f83926f2.zip |
negcache: Soften condition for expired entries
Type of timestamp for entries in negative cache is time_t
which is number of *seconds* that have elapsed since 1 January 1970.
The condition for ttl was to strict so entry could be valid
from "ttl-1" to ttl e.g.
* ttl is 1 second
* entry was stored to negative cache at 1432120871.999639
stored_timestamp = 1432120871
* entry was tested few miliseconds later 1432120872.001293
current_time = 1432120872
Entry was marked as expired becuase result of condition was false
stored_timestamp + ttl < current_time
1432120871 + 1 < 1432120872
This is a reason why ./test-negcache sometime fails.
It's quite easily reproducible on slow machine or when valgrind was used.
sh$ while libtool --mode=execute valgrind ./test-negcache ; do echo OK: done
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 75e4a7753c44e9f2a7a65fad77d95e394f81c125)
(cherry picked from commit be4569c92c2de86a71232e3f4b94caa1b13281e4)
-rw-r--r-- | src/responder/common/negcache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c index 88dd18fa5..70bb8ba66 100644 --- a/src/responder/common/negcache.c +++ b/src/responder/common/negcache.c @@ -116,7 +116,7 @@ static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl) goto done; } - if (timestamp + ttl > time(NULL)) { + if (timestamp + ttl >= time(NULL)) { /* still valid */ ret = EEXIST; goto done; |