[tor-bugs] #24815 [Core Tor/Tor]: Validate shared random state dates before each voting period

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 13 22:54:30 UTC 2018 

#24815: Validate shared random state dates before each voting period
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  dgoulet
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-sr, tor-ddos, 031-backport,      |  Actual Points:
  032-backport                                   |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  needs_information => new
 * keywords:  tor-sr, tor-ddos => tor-sr, tor-ddos, 031-backport,
               032-backport


Comment:

 I had a quick look.
 This warning:
 {{{
 [info] disk_state_validate: SR: Disk state valid after/until times are
 invalid.
 }}}
 happens when:
 {{{
   /* Make sure we don't have a valid after time that is earlier than a
 valid
    * until time which would make things not work well. */
   if (state->ValidAfter >= state->ValidUntil) {
     log_info(LD_DIR, "SR: Disk state valid after/until times are
 invalid.");
     goto invalid;
   }
 }}}

 The bug is in get_state_valid_until_time():
 {{{
   voting_interval = get_voting_interval();
   /* Find the time the current round started. */
   beginning_of_current_round = get_start_time_of_current_round();

   /* Find how many rounds are left till the end of the protocol run */
   current_round = (now / voting_interval) % total_rounds;
   rounds_left = total_rounds - current_round;

   /* To find the valid-until time now, take the start time of the current
    * round and add to it the time it takes for the leftover rounds to
    * complete. */
   valid_until = beginning_of_current_round + (rounds_left *
 voting_interval);
 }}}

 If rounds_left is zero, then valid_until is beginning_of_current_round.
 But ValidAfter is set to now in disk_state_new(), which can be after
 beginning_of_current_round.

 This is probably a backport candidate, because if all the authorities ever
 have to restart near the end of a SR cycle, we could lose the SR for that
 cycle. Fortunately, it only affects voting, so we don't have to worry
 about breaking consensus.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24815#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list