From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 10 Dec 2014 14:41:23 +0000 (+0100)
Subject: don't do time(0) under signature cache lock
X-Git-Tag: rec-3.7.0-rc1~124
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a732a4c9a72353c5d07ef590cf80ade49c29db7a;p=pdns

don't do time(0) under signature cache lock
---

diff --git a/pdns/dnssecsigner.cc b/pdns/dnssecsigner.cc
index a36b78e1c..680ce31d4 100644
--- a/pdns/dnssecsigner.cc
+++ b/pdns/dnssecsigner.cc
@@ -152,11 +152,11 @@ void fillOutRRSIG(DNSSECPrivateKey& dpk, const std::string& signQName, RRSIGReco
   rrc.d_signature = rc->sign(msg);
 
   if(doCache) {
-    WriteLock l(&g_signatures_lock);
     /* we add some jitter here so not all your slaves start pruning their caches at the very same millisecond */
     int weekno = (time(0) - dns_random(3600)) / (86400*7);  // we just spent milliseconds doing a signature, microsecond more won't kill us
     const static int maxcachesize=::arg().asNum("max-signature-cache-entries", INT_MAX);
-  
+
+    WriteLock l(&g_signatures_lock);
     if(g_cacheweekno < weekno || g_signatures.size() >= (uint) maxcachesize) {  // blunt but effective (C) Habbie, mind04
       L<<Logger::Warning<<"Cleared signature cache."<<endl;
       g_signatures.clear();