r15961@catbus: nickm | 2007-10-19 12:40:15 -0400

Learn the difference between "mismatched vote digest" and "mismatched vote times": the latter is more informative.


svn:r12049

ChangeLog

@@ -51,9 +51,12 @@ Changes in version 0.2.0.9-alpha - 2007-10-??
       listing.
     - Treat missing v3 keys or certificates as an error when running as a
       v3 directory authority.
-
     - If an authority doesn't have a qualified hostname, just put its address
-      in the 
+      in the vote.  This fixes the problem where we referred to "moria on
+      moria:9031."
+    - Distinguish between detached signatures for the wrong period, and
+      detached signatures for a divergent vote.
+
 
   o Minor bugfixes (v3 directory protocol)
     - Delete unverified-consensus when the real consensus is set.

src/or/dirvote.c

@@ -810,17 +810,36 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
  * document as <b>target</b>. */
 int
 networkstatus_add_detached_signatures(networkstatus_vote_t *target,
-                                      ns_detached_signatures_t *sigs)
+                                      ns_detached_signatures_t *sigs,
+                                      const char **msg_out)
 {
   int r = 0;
   tor_assert(sigs);
   tor_assert(target);
   tor_assert(!target->is_vote);
 
+  /* Do the times seem right? */
+  if (target->valid_after != sigs->valid_after) {
+    *msg_out = "Valid-After times do not match "
+      "when adding detached signatures to consensus";
+    return -1;
+  }
+  if (target->fresh_until != sigs->fresh_until) {
+    *msg_out = "Fresh-until times do not match "
+      "when adding detached signatures to consensus";
+    return -1;
+  }
+  if (target->valid_until != sigs->valid_until) {
+    *msg_out = "Valid-until times do not match "
+      "when adding detached signatures to consensus";
+    return -1;
+  }
   /* Are they the same consensus? */
   if (memcmp(target->networkstatus_digest, sigs->networkstatus_digest,
-             DIGEST_LEN))
+             DIGEST_LEN)) {
+    *msg_out = "Digest mismatch when adding detached signatures to consensus";
     return -1;
+  }
 
   /* For each voter in src... */
   SMARTLIST_FOREACH(sigs->signatures, networkstatus_voter_info_t *, src_voter,
@@ -1612,7 +1631,7 @@ dirvote_add_signatures_to_pending_consensus(
   }
 
   r = networkstatus_add_detached_signatures(pending_consensus,
-                                            sigs);
+                                            sigs, msg_out);
 
   if (r >= 0) {
     char *new_detached =
@@ -1644,7 +1663,7 @@ dirvote_add_signatures_to_pending_consensus(
     pending_consensus_signatures = new_detached;
     *msg_out = "Signatures added";
   } else {
-    *msg_out = "Digest mismatch when adding detached signatures";
+    goto err;
   }
 
   goto done;

src/or/or.h

@@ -2919,7 +2919,8 @@ networkstatus_voter_info_t *networkstatus_get_voter_by_id(
 int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
                                             int warn);
 int networkstatus_add_detached_signatures(networkstatus_vote_t *target,
-                                          ns_detached_signatures_t *sigs);
+                                          ns_detached_signatures_t *sigs,
+                                          const char **msg_out);
 char *networkstatus_get_detached_signatures(networkstatus_vote_t *consensus);
 void ns_detached_signatures_free(ns_detached_signatures_t *s);
 

src/or/test.c

@@ -2757,6 +2757,7 @@ test_v3_networkstatus(void)
     networkstatus_vote_t *con2, *con3;
     char *detached_text1, *detached_text2;
     ns_detached_signatures_t *dsig1, *dsig2;
+    const char *msg=NULL;
     /* Compute the other two signed consensuses. */
     smartlist_shuffle(votes);
     consensus_text2 = networkstatus_compute_consensus(votes, 3,
@@ -2799,7 +2800,7 @@ test_v3_networkstatus(void)
 
     /* Try adding it to con2. */
     detached_text2 = networkstatus_get_detached_signatures(con2);
-    test_eq(1, networkstatus_add_detached_signatures(con2, dsig1));
+    test_eq(1, networkstatus_add_detached_signatures(con2, dsig1, &msg));
     tor_free(detached_text2);
     detached_text2 = networkstatus_get_detached_signatures(con2);
     //printf("\n<%s>\n", detached_text2);
@@ -2816,10 +2817,10 @@ test_v3_networkstatus(void)
     test_eq(2, smartlist_len(dsig2->signatures));
 
     /* Try adding to con2 twice; verify that nothing changes. */
-    test_eq(0, networkstatus_add_detached_signatures(con2, dsig1));
+    test_eq(0, networkstatus_add_detached_signatures(con2, dsig1, &msg));
 
     /* Add to con. */
-    test_eq(2, networkstatus_add_detached_signatures(con, dsig2));
+    test_eq(2, networkstatus_add_detached_signatures(con, dsig2, &msg));
     /* Check signatures */
     test_assert(!networkstatus_check_voter_signature(con,
                                                smartlist_get(con->voters, 0),