r15760@catbus: nickm | 2007-10-14 04:16:19 -0400

Backport 11166: When loading state info from disk, never believe any date in the future.


svn:r11925
This commit is contained in:
Nick Mathewson 2007-10-14 08:48:48 +00:00
parent 8bf32223d7
commit 172773cf55
5 changed files with 27 additions and 6 deletions


@ -24,6 +24,13 @@ Changes in version 0.1.2.18 - 2007-??-??
were reporting the dir port.)
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
command. Bugfix on 0.1.2.17.
- When loading bandwidth history, do not believe any information in
the future. Fixes bug 434.
- When loading entry guard information, do not believe any information
in the future.
- When we have our clock set far in the future and generate an onion key,
then re-set our clock to be correct, we should not stop the onion
key from getting rotated.
Changes in version 0.1.2.17 - 2007-08-30


@ -2,7 +2,7 @@
description of the patch.)
Backport items for 0.1.2:
N - r11166: Don't believe future dates from the state file.
o r11166: Don't believe future dates from the state file.
N - r11828+: Detect bad sa_family from accept().
N - r11882: Avoid crash-bug 451.
N - r11886: Consider family as well as identity when cannibalizing circuits.


@ -2417,6 +2417,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
entry_guard_t *node = NULL;
smartlist_t *new_entry_guards = smartlist_create();
config_line_t *line;
time_t now = time(NULL);
*msg = NULL;
for (line = state->EntryGuards; line; line = line->next) {
@ -2459,6 +2460,11 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
"Bad time in EntryGuardDownSince/UnlistedSince");
break;
}
if (when > now) {
/* It's a bad idea to believe info in the future: you can wind
* up with timeouts that aren't allowed to happen for years. */
continue;
}
if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) {
/* ignore failure */
parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try);
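Review bot: The new `if (when > now)` branch skips the EntryGuardDownSince/UnlistedSince line silently, while the neighbouring parse failure is reported with the "Bad time in EntryGuardDownSince/UnlistedSince" message; a clock that was set far ahead and then corrected would drop these records with no trace in the log. A `log_notice(LD_GENERAL, "Ignoring EntryGuardDownSince/UnlistedSince in the future (clock skew?)");` before the `continue` would let an operator correlate the discard with a clock problem. The second timestamp parsed on the last line of the hunk, `last_try`, gets no such check; if it also feeds retry timing the same future-date concern applies and a `if (last_try > now) last_try = now;` after the parse would close it, though I cannot see how last_try is consumed from here. entry_guards_parse_state continues outside both hunks.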


@ -719,6 +719,8 @@ rep_hist_load_state(or_state_t *state, char **err)
if (s_values && s_begins >= now - NUM_SECS_BW_SUM_INTERVAL*NUM_TOTALS) {
start = s_begins - s_interval*(smartlist_len(s_values));
if (start > now)
continue;
b->cur_obs_time = start;
b->next_period = start + NUM_SECS_BW_SUM_INTERVAL;
SMARTLIST_FOREACH(s_values, char *, cp, {
@ -727,8 +729,10 @@ rep_hist_load_state(or_state_t *state, char **err)
all_ok=0;
log_notice(LD_GENERAL, "Could not parse '%s' into a number.'", cp);
}
add_obs(b, start, v);
start += NUM_SECS_BW_SUM_INTERVAL;
if (start < now) {
add_obs(b, start, v);
start += NUM_SECS_BW_SUM_INTERVAL;
}
});
}
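Review bot: The `if (start > now) continue;` guard in the first hunk drops a whole bandwidth-history array without a log line and without clearing `all_ok`, so a state file carrying future dates is discarded silently, whereas the number-parse failure in the second hunk reports through `log_notice(LD_GENERAL, ...)`; a matching `log_notice(LD_GENERAL, "Ignoring bandwidth history that begins in the future.");` before the `continue` would keep the two paths consistent. `start` is computed as `s_begins - s_interval*(smartlist_len(s_values))` from values that presumably come from the state file; if `s_interval` is a signed quantity the product can overflow before the comparison runs, so bounding `s_interval` against the expected NUM_SECS_BW_SUM_INTERVAL ahead of the multiplication would make the new check reliable — I cannot see where s_interval is parsed from here. The per-sample `if (start < now)` guard in the second hunk likewise discards a future-dated tail without reporting it. rep_hist_load_state starts and ends outside both hunks.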


@ -239,6 +239,7 @@ init_keys(void)
char digest[20];
char *cp;
or_options_t *options = get_options();
time_t now = time(NULL);
if (!key_lock)
key_lock = tor_mutex_new();
@ -287,16 +288,19 @@ init_keys(void)
if (options->command == CMD_RUN_TOR) {
/* Only mess with the state file if we're actually running Tor */
or_state_t *state = get_or_state();
if (state->LastRotatedOnionKey > 100) { /* allow for some parsing slop. */
if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
/* We allow for some parsing slop, but we don't want to risk accepting
* valus in the distant future. If we did, we might never rotate the
* onion key. */
onionkey_set_at = state->LastRotatedOnionKey;
} else {
/* We have no LastRotatedOnionKey set; either we just created the key
* or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
* start the clock ticking now so that we will eventually rotate it even
* if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
state->LastRotatedOnionKey = onionkey_set_at = time(NULL);
state->LastRotatedOnionKey = onionkey_set_at = now;
or_state_mark_dirty(state,
options->AvoidDiskWrites ? time(NULL)+3600 : 0);
options->AvoidDiskWrites ? now+3600 : 0);
}
}
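Review bot: The comment in the `else` branch still reads "We have no LastRotatedOnionKey set", but with the added `state->LastRotatedOnionKey < now` condition the branch is also taken when the stored value lies in the future, and in that case the old timestamp is overwritten with `now` and marked for writing back without any log line; the comment should cover the new case, e.g. `/* We have no LastRotatedOnionKey set, or it is in the future (clock skew?); either way, start the clock ticking now ... */`, and a `log_notice(LD_GENERAL, "LastRotatedOnionKey is in the future; resetting it.");` under `if (state->LastRotatedOnionKey >= now)` would make a clock problem visible to the operator. The new comment on the accepted branch has a typo: `* valus in the distant future.` should read `* values in the distant future.`. `now` is captured at the top of init_keys in the first hunk, so the `now+3600` on the last lines is anchored slightly earlier than the former `time(NULL)+3600` — harmless unless whatever runs between the two hunks takes long, but worth a word in a comment if that delay matters. init_keys continues past the end of the hunk.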