Fix updating HSTS entries

* src/hsts.c (hsts_store_entry): Always update 'created' field Fixes: #50490 Reported-by: Deian Stefan, Atyansh Jaiswal, Jonathan Luck
2025-04-17 06:50:34 +08:00 · 2017-03-08 10:56:12 +01:00 · 2017-03-08 10:56:12 +01:00 · 57d748117f
commit 57d748117f
parent 4d729e322f
1 changed files with 9 additions and 9 deletions
--- a/src/hsts.c
+++ b/src/hsts.c
@ -443,7 +443,6 @@ hsts_store_entry (hsts_store_t store,
  enum hsts_kh_match match = NO_MATCH;
  struct hsts_kh *kh = xnew(struct hsts_kh);
  struct hsts_kh_info *entry = NULL;
-  time_t t = 0;

  if (hsts_is_host_eligible (scheme, host))
    {
@ -458,17 +457,18 @@ hsts_store_entry (hsts_store_t store,
            }
          else if (max_age > 0)
            {
-              if (entry->max_age != max_age ||
-                  entry->include_subdomains != include_subdomains)
+              /* RFC 6797 states that 'max_age' is a TTL relative to the
+               * reception of the STS header so we have to update the
+               * 'created' field too. The RFC also states that we have to
+               * update the entry each time we see HSTS header.
+               * See also Section 11.2. */
+              time_t t = time (NULL);
+
+              if (t != -1 && t != entry->created)
                {
-                  /* RFC 6797 states that 'max_age' is a TTL relative to the reception of the STS header
-                     so we have to update the 'created' field too */
-                  t = time (NULL);
-                  if (t != -1)
-                    entry->created = t;
+                  entry->created = t;
                  entry->max_age = max_age;
                  entry->include_subdomains = include_subdomains;
-
                  store->changed = true;
                }
            }