5 years ago · 11a76b903b
--- a/changes/bug24977
+++ b/changes/bug24977
@@ -0,0 +1,5 @@
 
				+  o Minor bugfixes (onion services):
			
 
				+    - Recompute some consensus information after clock skews or when we
			
 
				+      transition from a non-live consensus to a live consensus. We do this to
			
 
				+      avoid having an outdated state which could impact next-generation onion
			
 
				+      services. Fixes bug 24977; bugfix on 0.3.2.1-alpha.
			
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -1338,15 +1338,20 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,
 
				 
			
 
				   sorted_nodes = smartlist_new();
			
 
				 
			
 
				+  /* Make sure we actually have a live consensus */
			
 
				+  networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
			
 
				+  if (!c || smartlist_len(c->routerstatus_list) == 0) {
			
 
				+      log_warn(LD_REND, "No live consensus so we can't get the responsible "
			
 
				+               "hidden service directories.");
			
 
				+      goto done;
			
 
				+  }
			
 
				+
			
 
				+  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
			
 
				+  nodelist_ensure_freshness(c);
			
 
				+
			
 
				   /* Add every node_t that support HSDir v3 for which we do have a valid
			
 
				    * hsdir_index already computed for them for this consensus. */
			
 
				   {
			
 
				-    networkstatus_t *c = networkstatus_get_latest_consensus();
			
 
				-    if (!c || smartlist_len(c->routerstatus_list) == 0) {
			
 
				-      log_warn(LD_REND, "No valid consensus so we can't get the responsible "
			
 
				-                        "hidden service directories.");
			
 
				-      goto done;
			
 
				-    }
			
 
				     SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) {
			
 
				       /* Even though this node_t object won't be modified and should be const,
			
 
				        * we can't add const object in a smartlist_t. */
			
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -121,6 +121,11 @@ typedef struct nodelist_t {
 
				 
			
 
				   /* Set of addresses that belong to nodes we believe in. */
			
 
				   address_set_t *node_addrs;
			
 
				+
			
 
				+  /* The valid-after time of the last live consensus that initialized the
			
 
				+   * nodelist.  We use this to detect outdated nodelists that need to be
			
 
				+   * rebuilt using a newer consensus. */
			
 
				+  time_t live_consensus_valid_after;
			
 
				 } nodelist_t;
			
 
				 
			
 
				 static inline unsigned int
			
@@ -638,6 +643,12 @@ nodelist_set_consensus(networkstatus_t *ns)
 
				       }
			
 
				     } SMARTLIST_FOREACH_END(node);
			
 
				   }
			
 
				+
			
 
				+  /* If the consensus is live, note down the consensus valid-after that formed
			
 
				+   * the nodelist. */
			
 
				+  if (networkstatus_is_live(ns, approx_time())) {
			
 
				+    the_nodelist->live_consensus_valid_after = ns->valid_after;
			
 
				+  }
			
 
				 }
			
 
				 
			
 
				 /** Return 1 iff <b>node</b> has Exit flag and no BadExit flag.
			
@@ -871,6 +882,25 @@ nodelist_assert_ok(void)
 
				   digestmap_free(dm, NULL);
			
 
				 }
			
 
				 
			
 
				+/** Ensure that the nodelist has been created with the most recent consensus.
			
 
				+ *  If that's not the case, make it so.  */
			
 
				+void
			
 
				+nodelist_ensure_freshness(networkstatus_t *ns)
			
 
				+{
			
 
				+  tor_assert(ns);
			
 
				+
			
 
				+  /* We don't even have a nodelist: this is a NOP. */
			
 
				+  if (!the_nodelist) {
			
 
				+    return;
			
 
				+  }
			
 
				+
			
 
				+  if (the_nodelist->live_consensus_valid_after != ns->valid_after) {
			
 
				+    log_info(LD_GENERAL, "Nodelist was not fresh: rebuilding. (%d / %d)",
			
 
				+             (int) the_nodelist->live_consensus_valid_after,
			
 
				+             (int) ns->valid_after);
			
 
				+    nodelist_set_consensus(ns);
			
 
				+  }
			
 
				+}
			
 
				 /** Return a list of a node_t * for every node we know about.  The caller
			
 
				  * MUST NOT modify the list. (You can set and clear flags in the nodes if
			
 
				  * you must, but you must not add or remove nodes.) */
			
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -29,6 +29,7 @@ const node_t *node_get_by_hex_id(const char *identity_digest,
 
				 node_t *nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out);
			
 
				 node_t *nodelist_add_microdesc(microdesc_t *md);
			
 
				 void nodelist_set_consensus(networkstatus_t *ns);
			
 
				+void nodelist_ensure_freshness(networkstatus_t *ns);
			
 
				 int nodelist_probably_contains_address(const tor_addr_t *addr);
			
 
				 
			
 
				 void nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md);
			
--- a/src/or/voting_schedule.c
+++ b/src/or/voting_schedule.c
@@ -85,6 +85,10 @@ get_voting_schedule(const or_options_t *options, time_t now, int severity)
 
				     interval = (int)( consensus->fresh_until - consensus->valid_after );
			
 
				     vote_delay = consensus->vote_seconds;
			
 
				     dist_delay = consensus->dist_seconds;
			
 
				+
			
 
				+    /* Note down the consensus valid after, so that we detect outdated voting
			
 
				+     * schedules in case of skewed clocks etc. */
			
 
				+    new_voting_schedule->live_consensus_valid_after = consensus->valid_after;
			
 
				   } else {
			
 
				     interval = options->TestingV3AuthInitialVotingInterval;
			
 
				     vote_delay = options->TestingV3AuthInitialVoteDelay;
			
@@ -140,14 +144,34 @@ voting_schedule_t voting_schedule;
 
				 time_t
			
 
				 voting_schedule_get_next_valid_after_time(void)
			
 
				 {
			
 
				+  time_t now = approx_time();
			
 
				+  bool need_to_recalculate_voting_schedule = false;
			
 
				+
			
 
				   /* This is a safe guard in order to make sure that the voting schedule
			
 
				    * static object is at least initialized. Using this function with a zeroed
			
 
				    * voting schedule can lead to bugs. */
			
 
				   if (tor_mem_is_zero((const char *) &voting_schedule,
			
 
				                       sizeof(voting_schedule))) {
			
 
				-    voting_schedule_recalculate_timing(get_options(), time(NULL));
			
 
				+    need_to_recalculate_voting_schedule = true;
			
 
				+    goto done; /* no need for next check if we have to recalculate anyway */
			
 
				+  }
			
 
				+
			
 
				+  /* Also make sure we are not using an outdated voting schedule. If we have a
			
 
				+   * newer consensus, make sure we recalculate the voting schedule. */
			
 
				+  const networkstatus_t *ns = networkstatus_get_live_consensus(now);
			
 
				+  if (ns && ns->valid_after != voting_schedule.live_consensus_valid_after) {
			
 
				+    log_info(LD_DIR, "Voting schedule is outdated: recalculating (%d/%d)",
			
 
				+             (int) ns->valid_after,
			
 
				+             (int) voting_schedule.live_consensus_valid_after);
			
 
				+    need_to_recalculate_voting_schedule = true;
			
 
				+  }
			
 
				+
			
 
				+ done:
			
 
				+  if (need_to_recalculate_voting_schedule) {
			
 
				+    voting_schedule_recalculate_timing(get_options(), now);
			
 
				     voting_schedule.created_on_demand = 1;
			
 
				   }
			
 
				+
			
 
				   return voting_schedule.interval_starts;
			
 
				 }
			
 
				 
			
--- a/src/or/voting_schedule.h
+++ b/src/or/voting_schedule.h
@@ -43,6 +43,10 @@ typedef struct {
 
				    * timings only for the first vote even though this object was initilized
			
 
				    * prior to voting. */
			
 
				   int created_on_demand;
			
 
				+
			
 
				+  /** The valid-after time of the last live consensus that filled this voting
			
 
				+   *  schedule.  It's used to detect outdated voting schedules. */
			
 
				+  time_t live_consensus_valid_after;
			
 
				 } voting_schedule_t;
			
 
				 
			
 
				 /* Public API. */