[or-cvs] r11166: When we are loading state info from disk, never believe any (in tor/trunk: . src/or)

nickm at seul.org nickm at seul.org
Sat Aug 18 18:20:42 UTC 2007


Author: nickm
Date: 2007-08-18 14:20:42 -0400 (Sat, 18 Aug 2007)
New Revision: 11166

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/circuitbuild.c
   tor/trunk/src/or/hibernate.c
   tor/trunk/src/or/rephist.c
   tor/trunk/src/or/router.c
Log:
 r14659 at catbus:  nickm | 2007-08-18 14:19:34 -0400
 When we are loading state info from disk, never believe any date in the future.  Doing so can keep us from retrying guards, rotating onion keys, storing bandwidth info, etc.  Fixes bug 434, and others. Backport candidate, once it has been tested.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14659] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-08-18 17:00:07 UTC (rev 11165)
+++ tor/trunk/ChangeLog	2007-08-18 18:20:42 UTC (rev 11166)
@@ -46,6 +46,13 @@
       every time we change any piece of our config.
     - Fix a bug with AutomapHostsOnResolve that would always cause the second
       request to fail.  Bug reported by Kate.  Bugfix on 0.2.0.3-alpha.
+    - When loading bandwidth history, do not believe any information in
+      the future.  Fixes bug 434.
+    - When loading entry guard information, do not believe any information
+      in the future.
+    - When we have our clock set far in the future and generate an onion key,
+      then re-set our clock to be correct, we should not stop the onion
+      key from getting rotated.
 
 
 Changes in version 0.2.0.4-alpha - 2007-08-01

Modified: tor/trunk/src/or/circuitbuild.c
===================================================================
--- tor/trunk/src/or/circuitbuild.c	2007-08-18 17:00:07 UTC (rev 11165)
+++ tor/trunk/src/or/circuitbuild.c	2007-08-18 18:20:42 UTC (rev 11166)
@@ -2465,6 +2465,7 @@
   entry_guard_t *node = NULL;
   smartlist_t *new_entry_guards = smartlist_create();
   config_line_t *line;
+  time_t now = time(NULL);
 
   *msg = NULL;
   for (line = state->EntryGuards; line; line = line->next) {
@@ -2507,6 +2508,11 @@
                           "Bad time in EntryGuardDownSince/UnlistedSince");
         break;
       }
+      if (when > now) {
+        /* It's a bad idea to believe info in the future: you can wind
+         * up with timeouts that aren't allowed to happen for years. */
+        continue;
+      }
       if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) {
         /* ignore failure */
         parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try);
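Review bot: The new `when > now` check covers only the first timestamp on the line; `last_try`, parsed from the second half of the value just below, is never compared with `now`, so a future last-attempt time from the state file may still be accepted. How `last_try` is used lies outside this hunk, so the right fallback needs confirming, but something like `if (last_try > now) last_try = 0;` after the `parse_iso_time()` call would close the gap. The `continue` also discards the entry silently; a line such as `log_notice(LD_GENERAL, "Ignoring entry guard time in the future.");` would let an operator see that the state file was written under a skewed clock or altered on disk. Every check here trusts the current local clock, so if the clock is wrong in the other direction at load time, valid entries would be dropped; that trade-off deserves a sentence in the comment.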

Modified: tor/trunk/src/or/hibernate.c
===================================================================
--- tor/trunk/src/or/hibernate.c	2007-08-18 17:00:07 UTC (rev 11165)
+++ tor/trunk/src/or/hibernate.c	2007-08-18 18:20:42 UTC (rev 11166)
@@ -696,6 +696,9 @@
     goto done;
   }
 
+  /* XXXX020 do something if the interval "starts" far in the future?
+   * or do we alrady handle that. */
+
   n_bytes_read_in_interval = n_read;
   n_bytes_written_in_interval = n_written;
   n_seconds_active_in_interval = n_seconds;
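Review bot: This comment leaves the accounting loader as the one path touched by the commit that records a future-dated interval start as an open question rather than deciding it. Either add the same reject-if-after-`now` test used in the other files, or name in the comment where the future case is already handled; which applies cannot be determined from this hunk. The comment also has a typo; suggested wording: `/* XXXX020 Do something if the interval "starts" far in the future? Or do we already handle that? */`.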

Modified: tor/trunk/src/or/rephist.c
===================================================================
--- tor/trunk/src/or/rephist.c	2007-08-18 17:00:07 UTC (rev 11165)
+++ tor/trunk/src/or/rephist.c	2007-08-18 18:20:42 UTC (rev 11166)
@@ -993,7 +993,8 @@
     s_values =  r?state->BWHistoryReadValues:state->BWHistoryWriteValues;
     if (s_values && s_begins >= now - NUM_SECS_BW_SUM_INTERVAL*NUM_TOTALS) {
       start = s_begins - s_interval*(smartlist_len(s_values));
-
+      if (start > now)
+        continue;
       b->cur_obs_time = start;
       b->next_period = start + NUM_SECS_BW_SUM_INTERVAL;
       SMARTLIST_FOREACH(s_values, char *, cp, {
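Review bot: The two guards disagree at the boundary: this hunk skips the history only when `start > now`, while the guard added in the next hunk records a value only when `start < now`, so `start == now` sets `cur_obs_time` and `next_period` and then adds nothing. Using `if (start >= now) continue;` here, braced as in the circuitbuild.c change, would make them agree. In the next hunk, once `start` reaches `now` every remaining value is dropped without any log line; a short comment such as `/* Stop at the present: the remaining saved values claim to come from the future. */` would make that intent explicit. The enclosing loop begins outside both hunks.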
@@ -1002,8 +1003,10 @@
           all_ok=0;
           log_notice(LD_GENERAL, "Could not parse '%s' into a number.'", cp);
         }
-        add_obs(b, start, v);
-        start += NUM_SECS_BW_SUM_INTERVAL;
+        if (start < now) {
+          add_obs(b, start, v);
+          start += NUM_SECS_BW_SUM_INTERVAL;
+        }
       });
     }
 

Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c	2007-08-18 17:00:07 UTC (rev 11165)
+++ tor/trunk/src/or/router.c	2007-08-18 18:20:42 UTC (rev 11166)
@@ -332,6 +332,7 @@
   or_options_t *options = get_options();
   or_state_t *state = get_or_state();
   authority_type_t type;
+  time_t now = time(NULL);
 
   if (!key_lock)
     key_lock = tor_mutex_new();
@@ -389,14 +390,17 @@
   prkey = init_key_from_file(keydir, 1, LOG_ERR);
   if (!prkey) return -1;
   set_onion_key(prkey);
-  if (state->LastRotatedOnionKey > 100) { /* allow for some parsing slop. */
+  if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
+    /* We allow for some parsing slop, but we don't want to risk accepting
+     * values in the distant future.  If we did, we might never rotate the
+     * onion key. */
     onionkey_set_at = state->LastRotatedOnionKey;
   } else {
     /* We have no LastRotatedOnionKey set; either we just created the key
      * or it's a holdover from 0.1.2.4-alpha-dev or earlier.  In either case,
      * start the clock ticking now so that we will eventually rotate it even
      * if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
-    state->LastRotatedOnionKey = onionkey_set_at = time(NULL);
+    state->LastRotatedOnionKey = onionkey_set_at = now;
     or_state_mark_dirty(state, options->AvoidDiskWrites ? time(NULL)+3600 : 0);
   }
 
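Review bot: The else branch now also handles a `LastRotatedOnionKey` that lies in the future, but its comment still says only "We have no LastRotatedOnionKey set" and nothing is logged when a stored value is rejected. A future timestamp in the state file points to an earlier clock error or an edited file, so it is worth surfacing, e.g. `log_notice(LD_GENERAL, "Ignoring onion key rotation time in the future.");` in a branch that tests for that case, along with an updated comment. The `or_state_mark_dirty()` call still uses `time(NULL)+3600` although `now` was introduced for this function; `now+3600` would be consistent. The function starts and ends outside this hunk.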


