From ed9a02af659b49c96bf8ffe6d6d421786e127ef4 Mon Sep 17 00:00:00 2001
From: Seth Schoen <schoen@eff.org>
Date: Fri, 5 Oct 2012 17:47:54 -0700
Subject: [PATCH] only schedule sessions for testing if they aren't already
 scheduled for testing

---
 server-ca/chocolate.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index ae40a88ae..f7c6aefd8 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -109,9 +109,15 @@ class session(object):
 
     def request_test(self):
         """Ask a daemon to test challenges."""
-        # TODO: check whether this session is already in pending-testchallenge?
-        sessions.lpush("pending-testchallenge", self.id)
-        sessions.publish("requests", "testchallenge")
+        # There is a race condition between testing for membership and
+        # adding it, but it's quite difficult to "exploit" and the result
+        # of triggering it is just that the same session will be scheduled
+        # for testing twice.  We use locking in the daemon to exclude the
+        # possibility of two daemon processes testing the same session at
+        # once, and check the session's state before beginning to test it.
+        if self.id not in sessions.lrange("pending-testchallenge", 0, -1):
+            sessions.lpush("pending-testchallenge", self.id)
+            sessions.publish("requests", "testchallenge")
 
     def request_made(self):
         """Has there already been a signing request made in this session?"""