Add a safe guard to avoid using a zeroed voting schedule

dirvote_get_next_valid_after_time() is the only public function that uses the voting schedule outside of the dirvote subsystem so if it is zeroed, recalculate its timing if we can that is if a consensus exists. Part of #24161 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:14:45 -05:00 · 2017-11-07 11:14:45 -05:00 · e67f4441eb
parent 8171d9f50f
commit e67f4441eb
1 changed files with 7 additions and 0 deletions
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@ -2859,6 +2859,13 @@ static voting_schedule_t voting_schedule;
 time_t
 dirvote_get_next_valid_after_time(void)
 {
+  /* This is a safe guard in order to make sure that the voting schedule
+   * static object is at least initialized. Using this function with a zeroed
+   * voting schedule can lead to bugs. */
+  if (tor_mem_is_zero((const char *) &voting_schedule,
+                      sizeof(voting_schedule))) {
+    dirvote_recalculate_timing(get_options(), time(NULL));
+  }
  return voting_schedule.interval_starts;
 }