Skip Menu |
 

Subject: OTP RADIUS tries one too few times and times out too quickly
The KDC-side support for OTP RADIUS accepts two parameters in the token
configuration to control the total timeout and the number of retries.
These parameters are eventually handled by kr_remote_send, which
receives the timeout in milliseconds and the number of retries.
kr_remote_send divides the total timeout into an even number of pieces
per try:

timeout = timeout / (retries + 1);

When a request times out, on_timeout is called. It contains an off-by-
one error:

/* If we have more retries to perform, resend the packet. */
if (req->retries-- > 1) {

As a result, we make one try fewer than we should, and time out the
whole thing at (timeout / (retries + 1) * retries) milliseconds.
From: ghudson@mit.edu
Subject: git commit

Fix fencepost error in krad timeout handler

https://github.com/krb5/krb5/commit/f4fce5afd8c4bb5e46aa7041f10118026c5152f0
Author: Greg Hudson <ghudson@mit.edu>
Commit: f4fce5afd8c4bb5e46aa7041f10118026c5152f0
Branch: master
src/lib/krad/remote.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Fix fencepost error in krad timeout handler

(cherry picked from commit f4fce5afd8c4bb5e46aa7041f10118026c5152f0)

https://github.com/krb5/krb5/commit/01987783006ba486b0a5772db9d40168b6bfdced
Author: Greg Hudson <ghudson@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 01987783006ba486b0a5772db9d40168b6bfdced
Branch: krb5-1.12
src/lib/krad/remote.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)