package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch

   1 From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001
   2 From: Steven Barth <steven@midlink.org>
   3 Date: Mon, 13 Apr 2015 09:45:20 +0200
   4 Subject: [PATCH] dnssec: improve timestamp heuristic
   5
   6 Signed-off-by: Steven Barth <steven@midlink.org>
   7 ---
   8  src/dnssec.c | 15 +++++++++++----
   9  1 file changed, 11 insertions(+), 4 deletions(-)
  10
  11 diff --git a/src/dnssec.c b/src/dnssec.c
  12 index 05e0983..9c02548 100644
  13 --- a/src/dnssec.c
  14 +++ b/src/dnssec.c
  15 @@ -408,17 +408,24 @@ static int back_to_the_future;
  16  int setup_timestamp(void)
  17  {
  18    struct stat statbuf;
  19 -
  20 +  time_t now;
  21 +  time_t base = 1420070400; /* 1-1-2015 */
  22 +
  23    back_to_the_future = 0;
  24
  25    if (!daemon->timestamp_file)
  26      return 0;
  27 -
  28 +
  29 +  now = time(NULL);
  30 +
  31 +  if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0)
  32 +    base = statbuf.st_mtime;
  33 +
  34    if (stat(daemon->timestamp_file, &statbuf) != -1)
  35      {
  36        timestamp_time = statbuf.st_mtime;
  37      check_and_exit:
  38 -      if (difftime(timestamp_time, time(0)) <=  0)
  39 +      if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <=  0)
  40         {
  41           /* time already OK, update timestamp, and do key checking from the start. */
  42           if (utime(daemon->timestamp_file, NULL) == -1)
  43 @@ -439,7 +446,7 @@ int setup_timestamp(void)
  44
  45           close(fd);
  46
  47 -         timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
  48 +         timestamp_time = timbuf.actime = timbuf.modtime = base;
  49           if (utime(daemon->timestamp_file, &timbuf) == 0)
  50             goto check_and_exit;
  51         }
  52 --
  53 2.1.4
  54