commit 3a0c6021556abc96f4c610d5e097e3890216595f Author: Nick Mathewson nickm@torproject.org Date: Fri Mar 11 13:03:25 2011 -0500

Clarify threat description and avoid negative uptimes. --- changes/hsdir_assignment | 7 ++++--- src/or/rephist.c | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment index ba01990..5c04b9b 100644 --- a/changes/hsdir_assignment +++ b/changes/hsdir_assignment @@ -2,6 +2,7 @@ - Directory authorities now use data collected from rephist when choosing whether to assign the HSDir flag to relays, instead of trusting the uptime value the relay reports in its descriptor. - This helps prevent an attack where relatively few malaicious - nodes can blackhole any given hidden service. Bugfix on - 0.2.0.10-alpha; fixes bug 2709. + This helps prevent an attack where a small set of nodes with + frequently-changing identity keys can blackhole a hidden service. + (Only authorities need upgrade; others will be fine once they do.) + Bugfix on 0.2.0.10-alpha; fixes bug 2709. diff --git a/src/or/rephist.c b/src/or/rephist.c index 69001de..e4afe62 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -537,7 +537,7 @@ rep_hist_get_uptime(const char *id, time_t when) or_history_t *hist = get_or_history(id); if (!hist) return 0; - if (!hist->start_of_run) + if (!hist->start_of_run || when < hist->start_of_run) return 0; return when - hist->start_of_run; }