Warn when the system clock is set back in time

Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.

changes/warn-when-time-goes-backwards

@@ -0,0 +1,5 @@
+  o Minor features (security, clock):
+    - Warn when the system clock is set back in time (when the
+      state file was last written in the future). Tor doesn't know
+      that consensuses have expired if the clock is in the past.
+      Patch by "teor". Implements ticket #17188.

src/or/statefile.c

@@ -372,6 +372,18 @@ or_state_load(void)
     new_state = or_state_new();
   } else if (contents) {
     log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
+    /* Warn the user if their clock has been set backwards,
+     * they could be tricked into using old consensuses */
+    if (new_state->LastWritten > time(NULL)) {
+      char last_written_str[ISO_TIME_LEN+1];
+      char now_str[ISO_TIME_LEN+1];
+      format_iso_time(last_written_str, new_state->LastWritten),
+      format_iso_time(now_str, time(NULL));
+      log_warn(LD_GENERAL, "Your system clock has been set back in time. "
+               "Tor needs an accurate clock to know when the consensus "
+               "expires. Clock time is %s, state file time is %s.",
+               now_str, last_written_str);
+    }
   } else {
     log_info(LD_GENERAL, "Initialized state");
   }