From e5217bba4fce0447979572041ec9b31b534d3015 Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Wed, 10 Dec 2014 15:41:23 +0100
Subject: [PATCH] don't do time(0) under signature cache lock

---
 pdns/dnssecsigner.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pdns/dnssecsigner.cc b/pdns/dnssecsigner.cc
index 82766ccc9..626a6c0a7 100644
--- a/pdns/dnssecsigner.cc
+++ b/pdns/dnssecsigner.cc
@@ -152,11 +152,11 @@ void fillOutRRSIG(DNSSECPrivateKey& dpk, const std::string& signQName, RRSIGReco
   rrc.d_signature = rc->sign(msg);
 
   if(doCache) {
-    WriteLock l(&g_signatures_lock);
     /* we add some jitter here so not all your slaves start pruning their caches at the very same millisecond */
     int weekno = (time(0) - dns_random(3600)) / (86400*7);  // we just spent milliseconds doing a signature, microsecond more won't kill us
     const static int maxcachesize=::arg().asNum("max-signature-cache-entries", INT_MAX);
-  
+
+    WriteLock l(&g_signatures_lock);
     if(g_cacheweekno < weekno || g_signatures.size() >= (uint) maxcachesize) {  // blunt but effective (C) Habbie, mind04
       L<<Logger::Warning<<"Cleared signature cache."<<endl;
       g_signatures.clear();
-- 
2.40.0