From 8171d9f50f985de743a415ae5bf61b97e91ce8c8 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Tue, 7 Nov 2017 11:08:12 -0500
Subject: [PATCH 1/2] Recalculate voting schedule first when getting a new consensus

Because the HS and SR subsystems can use the voting schedule early (with the changes in #23623 making the SR subsystem using the static voting schedule object), we need to recalculate the schedule very early when setting the new consensus.

Fixes #24161

Signed-off-by: David Goulet
---
 src/or/networkstatus.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 93bb8643d..2660e6a32 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1939,13 +1939,17 @@ networkstatus_set_current_consensus(const char *consensus,
 }
 if (is_usable_flavor) {
+ /* The "current" consensus has just been set and it is a usable flavor so
+ * the first thing we need to do is recalculate the voting schedule static
+ * object so we can use the timings in there needed by some subsystems
+ * such as hidden service and shared random. */
+ dirvote_recalculate_timing(options, now);
+
 nodelist_set_consensus(c);
 /* XXXXNM Microdescs: needs a non-ns variant. ???? NM*/
 update_consensus_networkstatus_fetch_time(now);
- dirvote_recalculate_timing(options, now);
-
 /* Update ewma and adjust policy if needed; first cache the old value */
 old_ewma_enabled = cell_ewma_enabled();
 /* Change the cell EWMA settings */

From e67f4441eb2646368e3e7cb1bcee403667b786f0 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Tue, 7 Nov 2017 11:14:45 -0500
Subject: [PATCH 2/2] Add a safe guard to avoid using a zeroed voting schedule

dirvote_get_next_valid_after_time() is the only public function that uses the voting schedule outside of the dirvote subsystem so if it is zeroed, recalculate its timing if we can that is if a consensus exists.

Part of #24161
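Review bot: In src/or/networkstatus.c, the new comment above `dirvote_recalculate_timing(options, now)` explains why the schedule is recalculated but not that the call has to stay ahead of `nodelist_set_consensus(c)` and the calls after it. Nothing in the code enforces that order, so a later reshuffle could bring back the early reads of an out-of-date schedule that the commit message describes. I would end the comment with a sentence such as `Keep this call before nodelist_set_consensus() and anything else below that may read the voting schedule.` The hunk does not show which of the following calls reach the HS or SR code, so that wording is inferred from the commit message; the body of networkstatus_set_current_consensus() starts and ends outside the hunk.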
Signed-off-by: David Goulet
---
 src/or/dirvote.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index c5ceefecb..33e5ea7d5 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -2859,6 +2859,13 @@ static voting_schedule_t voting_schedule;
 time_t
 dirvote_get_next_valid_after_time(void)
 {
+ /* This is a safe guard in order to make sure that the voting schedule
+ * static object is at least initialized. Using this function with a zeroed
+ * voting schedule can lead to bugs. */
+ if (tor_mem_is_zero((const char *) &voting_schedule,
+ sizeof(voting_schedule))) {
+ dirvote_recalculate_timing(get_options(), time(NULL));
+ }
 return voting_schedule.interval_starts;
 }
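Review bot: The guard in `dirvote_get_next_valid_after_time()` only catches a schedule that was never filled in; a schedule left over from an earlier consensus is non-zero and is returned as is, so this check backs up the ordering fix in networkstatus.c only for the very first use. It also repairs the state silently and does not re-check the result: if `dirvote_recalculate_timing()` can return without filling the schedule (its body is not shown here), `interval_starts` is still 0 when it is returned. A log line inside the branch, e.g. `log_info(LD_DIR, "Voting schedule was zeroed; recalculating.");`, would make an initialization-order regression visible instead of masking it. The commit message says the recalculation happens "if a consensus exists", but no such check is visible in the hunk, so the comment should say where that condition is handled.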