[tor/master] prop250: Add a valid flag to sr_commit_t - tor-commits

1 Jul 2016

commit 8ac88f6f9739c5fd5fd5b47af63592faa80b8307
Author: David Goulet dgoulet@torproject.org
Date:   Tue May 10 11:37:28 2016 -0400
prop250: Add a valid flag to sr_commit_t
We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
    where we use them expecting a commit to be valid.
Signed-off-by: David Goulet dgoulet@torproject.org
---
 src/or/shared_random.c       | 9 +++++++++
 src/or/shared_random.h       | 5 +++++
 src/or/shared_random_state.c | 3 +++
 3 files changed, 17 insertions(+)

diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 967e1e1..e56a239 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -700,6 +700,8 @@ save_commit_to_state(sr_commit_t *commit)
 {
   sr_phase_t phase = sr_state_get_phase();
+  ASSERT_COMMIT_VALID(commit);
+
   switch (phase) {
   case SR_PHASE_COMMIT:
     /* During commit phase, just save any new authoritative commit */
@@ -914,6 +916,8 @@ sr_generate_our_commit(time_t timestamp, const authority_cert_t *my_rsa_cert)
log_debug(LD_DIR, "SR: Generated our commitment:");
   commit_log(commit);
+  /* Our commit better be valid :). */
+  commit->valid = 1;
   return commit;
error:
@@ -942,6 +946,8 @@ sr_compute_srv(void)
   /* We must make a list of commit ordered by authority fingerprint in
    * ascending order as specified by proposal 250. */
   DIGESTMAP_FOREACH(state_commits, key, sr_commit_t *, c) {
+    /* Extra safety net, make sure we have valid commit before using it. */
+    ASSERT_COMMIT_VALID(c);
     smartlist_add(commits, c);
   } DIGESTMAP_FOREACH_END;
   smartlist_sort(commits, compare_reveal_);
@@ -1130,6 +1136,9 @@ sr_handle_received_commits(smartlist_t *commits, crypto_pk_t *voter_key)
       sr_commit_free(commit);
       continue;
     }
+    /* Ok, we have a valid commit now that we are about to put in our state.
+     * so flag it valid from now on. */
+    commit->valid = 1;
     /* Everything lines up: save this commit to state then! */
     save_commit_to_state(commit);
   } SMARTLIST_FOREACH_END(commit);
diff --git a/src/or/shared_random.h b/src/or/shared_random.h
index 573c499..f89f47a 100644
--- a/src/or/shared_random.h
+++ b/src/or/shared_random.h
@@ -48,6 +48,9 @@
 #define SR_SRV_VALUE_BASE64_LEN \
   (((DIGEST256_LEN - 1) / 3) * 4 + 4)
+/* Assert if commit valid flag is not set. */
+#define ASSERT_COMMIT_VALID(c) tor_assert((c)->valid)
+
 /* Protocol phase. */
 typedef enum {
   /* Commitment phase */
@@ -68,6 +71,8 @@ typedef struct sr_srv_t {
 typedef struct sr_commit_t {
   /* Hashing algorithm used. */
   digest_algorithm_t alg;
+  /* Indicate if this commit has been verified thus valid. */
+  unsigned int valid:1;
/* Commit owner info */
diff --git a/src/or/shared_random_state.c b/src/or/shared_random_state.c
index 326b8c9..115d954 100644
--- a/src/or/shared_random_state.c
+++ b/src/or/shared_random_state.c
@@ -410,6 +410,9 @@ disk_state_parse_commits(sr_state_t *state,
        * fingerprint that we don't know about so it shouldn't be used. */
       continue;
     }
+    /* We consider parseable commit from our disk state to be valid because
+     * they need to be in the first place to get in there. */
+    commit->valid = 1;
     /* Add commit to our state pointer. */
     commit_add_to_state(commit, state);

    