[or-cvs] r11925: Backport 11166: When loading state info from disk, never bel (in tor/branches/tor-0_1_2-patches: . doc src/or)
Author: nickm
Date: 2007-10-14 04:48:48 -0400 (Sun, 14 Oct 2007)
New Revision: 11925
Modified:
tor/branches/tor-0_1_2-patches/
tor/branches/tor-0_1_2-patches/ChangeLog
tor/branches/tor-0_1_2-patches/doc/TODO.012
tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c
tor/branches/tor-0_1_2-patches/src/or/rephist.c
tor/branches/tor-0_1_2-patches/src/or/router.c
Log:
r15760@catbus: nickm | 2007-10-14 04:16:19 -0400
Backport 11166: When loading state info from disk, never believe any date in the future.
Property changes on: tor/branches/tor-0_1_2-patches
___________________________________________________________________
svk:merge ticket from /tor/012 [r15760] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/branches/tor-0_1_2-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_2-patches/ChangeLog 2007-10-14 08:06:23 UTC (rev 11924)
+++ tor/branches/tor-0_1_2-patches/ChangeLog 2007-10-14 08:48:48 UTC (rev 11925)
@@ -24,6 +24,13 @@
were reporting the dir port.)
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
command. Bugfix on 0.1.2.17.
+ - When loading bandwidth history, do not believe any information in
+ the future. Fixes bug 434.
+ - When loading entry guard information, do not believe any information
+ in the future.
+ - When we have our clock set far in the future and generate an onion key,
+ then re-set our clock to be correct, we should not stop the onion
+ key from getting rotated.
Changes in version 0.1.2.17 - 2007-08-30
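Review bot: The second and third new ChangeLog entries carry neither a bug number nor a "Bugfix on" version, while the first cites bug 434 and the PROTOCOLINFO entry just above names 0.1.2.17. If they share a cause with bug 434, say so in each entry or merge the three into one item. The third entry is also worded as a requirement ("we should not stop the onion key from getting rotated") rather than as what changed; something like "do not let a future LastRotatedOnionKey prevent onion key rotation" would read more clearly in release notes.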
Modified: tor/branches/tor-0_1_2-patches/doc/TODO.012
===================================================================
--- tor/branches/tor-0_1_2-patches/doc/TODO.012 2007-10-14 08:06:23 UTC (rev 11924)
+++ tor/branches/tor-0_1_2-patches/doc/TODO.012 2007-10-14 08:48:48 UTC (rev 11925)
@@ -2,7 +2,7 @@
description of the patch.)
Backport items for 0.1.2:
-N - r11166: Don't believe future dates from the state file.
+ o r11166: Don't believe future dates from the state file.
N - r11828+: Detect bad sa_family from accept().
N - r11882: Avoid crash-bug 451.
N - r11886: Consider family as well as identity when cannibalizing circuits.
Modified: tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c 2007-10-14 08:06:23 UTC (rev 11924)
+++ tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c 2007-10-14 08:48:48 UTC (rev 11925)
@@ -2417,6 +2417,7 @@
entry_guard_t *node = NULL;
smartlist_t *new_entry_guards = smartlist_create();
config_line_t *line;
+ time_t now = time(NULL);
*msg = NULL;
for (line = state->EntryGuards; line; line = line->next) {
@@ -2459,6 +2460,11 @@
"Bad time in EntryGuardDownSince/UnlistedSince");
break;
}
+ if (when > now) {
+ /* It's a bad idea to believe info in the future: you can wind
+ * up with timeouts that aren't allowed to happen for years. */
+ continue;
+ }
if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) {
/* ignore failure */
parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try);
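Review bot: The new `if (when > now)` check covers only the first timestamp on the line; the second one, parsed into `last_try` a few lines below with "ignore failure", is not compared against `now` in the lines shown, so a future `last_try` from the state file would still be accepted. Consider applying the same bound there, or zeroing `last_try` when it is greater than `now`. The `continue` also drops the entry silently, whereas the parse-failure case just above reports "Bad time in EntryGuardDownSince/UnlistedSince"; a log line at info or notice level would make a skewed clock or a tampered state file visible to the operator.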
Modified: tor/branches/tor-0_1_2-patches/src/or/rephist.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/rephist.c 2007-10-14 08:06:23 UTC (rev 11924)
+++ tor/branches/tor-0_1_2-patches/src/or/rephist.c 2007-10-14 08:48:48 UTC (rev 11925)
@@ -719,6 +719,8 @@
if (s_values && s_begins >= now - NUM_SECS_BW_SUM_INTERVAL*NUM_TOTALS) {
start = s_begins - s_interval*(smartlist_len(s_values));
+ if (start > now)
+ continue;
b->cur_obs_time = start;
b->next_period = start + NUM_SECS_BW_SUM_INTERVAL;
SMARTLIST_FOREACH(s_values, char *, cp, {
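Review bot: The `if (start > now) continue;` guard discards the whole stored history without any log message, so an operator whose clock was once set ahead has no indication of why the bandwidth history vanished after a restart. A `log_info` or `log_notice` before the `continue` would help. Note also that `start == now` passes this check, which matters for the per-value check added in the next hunk.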
@@ -727,8 +729,10 @@
all_ok=0;
log_notice(LD_GENERAL, "Could not parse '%s' into a number.'", cp);
}
- add_obs(b, start, v);
- start += NUM_SECS_BW_SUM_INTERVAL;
+ if (start < now) {
+ add_obs(b, start, v);
+ start += NUM_SECS_BW_SUM_INTERVAL;
+ }
});
}
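Review bot: The per-value test `if (start < now)` uses a different boundary from the `if (start > now)` guard in the previous hunk: when `start == now`, the array is accepted there but no observation is added here, leaving `b->cur_obs_time` and `b->next_period` set with no data behind them. Pick one boundary (for example `start >= now` to reject and `start < now` to accept) and use it in both places. Once `start` reaches `now`, every remaining value is still parsed and then dropped silently; a short comment saying that the tail is deliberately discarded, or breaking out of the loop at that point, would make the intent clearer.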
Modified: tor/branches/tor-0_1_2-patches/src/or/router.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/router.c 2007-10-14 08:06:23 UTC (rev 11924)
+++ tor/branches/tor-0_1_2-patches/src/or/router.c 2007-10-14 08:48:48 UTC (rev 11925)
@@ -239,6 +239,7 @@
char digest[20];
char *cp;
or_options_t *options = get_options();
+ time_t now = time(NULL);
if (!key_lock)
key_lock = tor_mutex_new();
@@ -287,16 +288,19 @@
if (options->command == CMD_RUN_TOR) {
/* Only mess with the state file if we're actually running Tor */
or_state_t *state = get_or_state();
- if (state->LastRotatedOnionKey > 100) { /* allow for some parsing slop. */
+ if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
+ /* We allow for some parsing slop, but we don't want to risk accepting
+ * valus in the distant future. If we did, we might never rotate the
+ * onion key. */
onionkey_set_at = state->LastRotatedOnionKey;
} else {
/* We have no LastRotatedOnionKey set; either we just created the key
* or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
* start the clock ticking now so that we will eventually rotate it even
* if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
- state->LastRotatedOnionKey = onionkey_set_at = time(NULL);
+ state->LastRotatedOnionKey = onionkey_set_at = now;
or_state_mark_dirty(state,
- options->AvoidDiskWrites ? time(NULL)+3600 : 0);
+ options->AvoidDiskWrites ? now+3600 : 0);
}
}
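Review bot: With the added `state->LastRotatedOnionKey < now` condition, the else branch now also handles a timestamp in the future, but its comment still says "We have no LastRotatedOnionKey set; either we just created the key or it's a holdover from 0.1.2.4-alpha-dev or earlier". Update that comment to mention the future-date case, and consider logging when a future value is discarded, since overwriting it with `now` resets the rotation clock without telling the operator. The new comment also has a typo, "valus" for "values".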