From 29e98f8a4336fb1f81a7e1671cf48723536f3dd8 Mon Sep 17 00:00:00 2001 From: Rob Stradling Date: Wed, 21 Aug 2024 23:33:28 +0100 Subject: [PATCH] fix(ari): avoid Int63n panic in ShouldRenewAt() (#2246) --- certificate/renewal.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/certificate/renewal.go b/certificate/renewal.go index 66c93acba4..ab215923d1 100644 --- a/certificate/renewal.go +++ b/certificate/renewal.go @@ -41,9 +41,11 @@ func (r *RenewalInfoResponse) ShouldRenewAt(now time.Time, willingToSleep time.D end := r.SuggestedWindow.End.UTC() // Select a uniform random time within the suggested window. - window := end.Sub(start) - randomDuration := time.Duration(rand.Int63n(int64(window))) - rt := start.Add(randomDuration) + rt := start + if window := end.Sub(start); window > 0 { + randomDuration := time.Duration(rand.Int63n(int64(window))) + rt = rt.Add(randomDuration) + } // If the selected time is in the past, attempt renewal immediately. if rt.Before(now) {