Avoid returning COOKIEs right after system boot

When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index f683cf8..6b2c2bf 100644 (file)
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this,
                this->last_cookie = now;
                return TRUE;
        }
-       if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
+       if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
        {
                /* We don't disable cookies unless we haven't seen IKE_SA_INITs
                 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between