[GODRIVER-2349] Prevent session ID reuse due to lower-than-expected system clock resolution Created: 18/Mar/22 Updated: 28/Oct/23 Resolved: 30/Mar/22 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | None |
| Affects Version/s: | 1.8.0, 1.8.4 |
| Fix Version/s: | 1.9.0, 1.8.5 |
| Type: | Bug | Priority: | Unknown |
| Reporter: | Matt Dale | Assignee: | Matt Dale |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |
|
In various conditions, time.Now() returns a time with lower-than-expected resolution (500μs to 15ms). The Go driver uses time.Now() to seed some pseudo-random number generators, including the one for generating session IDs here. Due to that, it's possible to start two processes that reproduce the same sequence of session IDs if they are started at almost the same time.

Some known cases of low-resolution clocks in Go:

See the proposal for monotonic clocks in Go for more details about how Go measures time using both wall clocks and monotonic clocks.

For seeding all pseudo-random number generators in the Go driver, replace time.Now() with an int64 read from the "crypto/rand" random source. |
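
The collision described in this issue and the proposed fix, modeled as an added example (not the Go driver's own code). The names timeSeed, cryptoSeed, sessionIDs and collide are hypothetical, and the 15ms tick and the two start times are constructed.

```go
package main

import (
	crand "crypto/rand"
	"encoding/binary"
	"fmt"
	"math/rand"
	"reflect"
	"time"
)

// timeSeed models a coarse clock: start is rounded down to the tick length res.
func timeSeed(start time.Time, res time.Duration) int64 {
	return start.Truncate(res).UnixNano()
}

// cryptoSeed reads an int64 from crypto/rand, the seed source the issue proposes.
func cryptoSeed() int64 {
	var b [8]byte
	if _, err := crand.Read(b[:]); err != nil {
		panic(err) // fail closed: do not fall back to the clock
	}
	return int64(binary.LittleEndian.Uint64(b[:]))
}

// sessionIDs draws n 16-byte IDs from a math/rand generator seeded with seed.
func sessionIDs(seed int64, n int) [][16]byte {
	r := rand.New(rand.NewSource(seed))
	ids := make([][16]byte, n)
	for i := range ids {
		r.Read(ids[i][:]) // (*rand.Rand).Read always returns a nil error
	}
	return ids
}

// collide reports whether two processes with these seeds emit the same n IDs.
func collide(seedA, seedB int64, n int) bool {
	return reflect.DeepEqual(sessionIDs(seedA, n), sessionIDs(seedB, n))
}

func main() {
	res := 15 * time.Millisecond // constructed: coarse end of the range in the issue
	base := time.Date(2022, 3, 18, 12, 0, 0, 0, time.UTC).Truncate(res)
	a, b := base.Add(2*time.Millisecond), base.Add(9*time.Millisecond) // same tick
	fmt.Println("time-seeded collide:", collide(timeSeed(a, res), timeSeed(b, res), 3))
	fmt.Println("crypto/rand-seeded collide:", collide(cryptoSeed(), cryptoSeed(), 3))
}
```

Both constructed processes start 7ms apart, yet the time-seeded pair produces an identical ID sequence because both start times fall inside one clock tick.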
| Comments |
| Comment by Githook User [ 31/Mar/22 ] |
|
Author: {'name': 'Matt Dale', 'email': '9760375+matthewdale@users.noreply.github.com', 'username': 'matthewdale'} Message: |
| Comment by Githook User [ 30/Mar/22 ] |
|
Author: {'name': 'Matt Dale', 'email': '9760375+matthewdale@users.noreply.github.com', 'username': 'matthewdale'} Message: |
| Comment by Matt Dale [ 25/Mar/22 ] |