Fix tsig fudge factor
Excellent bug report from freb, about how this fails when a message arrives in the past (because of clock skew). Closes #153
parent
34f43d398b
commit
6e3a9dd0d8
9
tsig.go
9
tsig.go
|
@ -225,7 +225,14 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
|||
}
|
||||
|
||||
buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
|
||||
ti := uint64(time.Now().Unix()) - tsig.TimeSigned
|
||||
|
||||
// Fudge factor works both ways. A message can arrive before it was signed because
|
||||
// of clock skew.
|
||||
now := uint64(time.Now().Unix())
|
||||
ti := now - tsig.TimeSigned
|
||||
if now < tsig.TimeSigned {
|
||||
ti = tsig.TimeSigned - now
|
||||
}
|
||||
if uint64(tsig.Fudge) < ti {
|
||||
return ErrTime
|
||||
}
|
||||
|
|
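Review bot: The freshness check added here reads `tsig.TimeSigned` and `tsig.Fudge` from the message before anything in the hunk has verified the MAC; `buf` is built on the line above but not yet consumed, so the MAC comparison presumably follows outside the hunk, where TsigVerify's body continues. If that is the order, an unauthenticated sender decides whether the caller sees `ErrTime` or a signature failure, and it would be safer to run this block after the MAC comparison so the timing fields are trusted only once the message is authenticated. Separately, `ti := now - tsig.TimeSigned` wraps around on uint64 for a future-dated message and is corrected only by the `if` that follows; declaring `var ti uint64` and assigning the absolute difference in an if/else avoids the transient wrapped value. Only tsig.go changes in this commit, so a regression test with TimeSigned ahead of the local clock, both inside and outside Fudge, would pin the fix.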