Merge branch 'asn_bug24977_final_squashed' into maint-0.3.4

2024-11-10 21:23:58 +01:00 · 2018-06-20 08:02:27 -04:00 · 2018-06-20 08:02:27 -04:00 · 7b9cd5cca5
commit 7b9cd5cca5
parent 4971d7afa6 1f1a57b8d0
6 changed files with 76 additions and 7 deletions
--- a/changes/bug24977
+++ b/changes/bug24977
@ -0,0 +1,5 @@
+  o Minor bugfixes (onion services):
+    - Recompute some consensus information after clock skews or when we
+      transition from a non-live consensus to a live consensus. We do this to
+      avoid having an outdated state which could impact next-generation onion
+      services. Fixes bug 24977; bugfix on 0.3.2.1-alpha.
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@ -1332,15 +1332,20 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk,

  sorted_nodes = smartlist_new();

-  /* Add every node_t that support HSDir v3 for which we do have a valid
-   * hsdir_index already computed for them for this consensus. */
-  {
-    networkstatus_t *c = networkstatus_get_latest_consensus();
+  /* Make sure we actually have a live consensus */
+  networkstatus_t *c = networkstatus_get_live_consensus(approx_time());
  if (!c || smartlist_len(c->routerstatus_list) == 0) {
-      log_warn(LD_REND, "No valid consensus so we can't get the responsible "
+      log_warn(LD_REND, "No live consensus so we can't get the responsible "
               "hidden service directories.");
      goto done;
  }
+
+  /* Ensure the nodelist is fresh, since it contains the HSDir indices. */
+  nodelist_ensure_freshness(c);
+
+  /* Add every node_t that support HSDir v3 for which we do have a valid
+   * hsdir_index already computed for them for this consensus. */
+  {
    SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) {
      /* Even though this node_t object won't be modified and should be const,
       * we can't add const object in a smartlist_t. */
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@ -113,6 +113,11 @@ typedef struct nodelist_t {

  /* Set of addresses that belong to nodes we believe in. */
  address_set_t *node_addrs;
+
+  /* The valid-after time of the last live consensus that initialized the
+   * nodelist.  We use this to detect outdated nodelists that need to be
+   * rebuilt using a newer consensus. */
+  time_t live_consensus_valid_after;
 } nodelist_t;

 static inline unsigned int
@ -630,6 +635,12 @@ nodelist_set_consensus(networkstatus_t *ns)
      }
    } SMARTLIST_FOREACH_END(node);
  }
+
+  /* If the consensus is live, note down the consensus valid-after that formed
+   * the nodelist. */
+  if (networkstatus_is_live(ns, approx_time())) {
+    the_nodelist->live_consensus_valid_after = ns->valid_after;
+  }
 }

 /** Helper: return true iff a node has a usable amount of information*/
@ -854,6 +865,25 @@ nodelist_assert_ok(void)
  digestmap_free(dm, NULL);
 }

+/** Ensure that the nodelist has been created with the most recent consensus.
+ *  If that's not the case, make it so.  */
+void
+nodelist_ensure_freshness(networkstatus_t *ns)
+{
+  tor_assert(ns);
+
+  /* We don't even have a nodelist: this is a NOP. */
+  if (!the_nodelist) {
+    return;
+  }
+
+  if (the_nodelist->live_consensus_valid_after != ns->valid_after) {
+    log_info(LD_GENERAL, "Nodelist was not fresh: rebuilding. (%d / %d)",
+             (int) the_nodelist->live_consensus_valid_after,
+             (int) ns->valid_after);
+    nodelist_set_consensus(ns);
+  }
+}
 /** Return a list of a node_t * for every node we know about.  The caller
 * MUST NOT modify the list. (You can set and clear flags in the nodes if
 * you must, but you must not add or remove nodes.) */
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@ -29,6 +29,7 @@ const node_t *node_get_by_hex_id(const char *identity_digest,
 node_t *nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out);
 node_t *nodelist_add_microdesc(microdesc_t *md);
 void nodelist_set_consensus(networkstatus_t *ns);
+void nodelist_ensure_freshness(networkstatus_t *ns);
 int nodelist_probably_contains_address(const tor_addr_t *addr);

 void nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md);
--- a/src/or/voting_schedule.c
+++ b/src/or/voting_schedule.c
@ -83,6 +83,10 @@ get_voting_schedule(const or_options_t *options, time_t now, int severity)
    interval = (int)( consensus->fresh_until - consensus->valid_after );
    vote_delay = consensus->vote_seconds;
    dist_delay = consensus->dist_seconds;
+
+    /* Note down the consensus valid after, so that we detect outdated voting
+     * schedules in case of skewed clocks etc. */
+    new_voting_schedule->live_consensus_valid_after = consensus->valid_after;
  } else {
    interval = options->TestingV3AuthInitialVotingInterval;
    vote_delay = options->TestingV3AuthInitialVoteDelay;
@ -138,14 +142,34 @@ voting_schedule_t voting_schedule;
 time_t
 voting_schedule_get_next_valid_after_time(void)
 {
+  time_t now = approx_time();
+  bool need_to_recalculate_voting_schedule = false;
+
  /* This is a safe guard in order to make sure that the voting schedule
   * static object is at least initialized. Using this function with a zeroed
   * voting schedule can lead to bugs. */
  if (tor_mem_is_zero((const char *) &voting_schedule,
                      sizeof(voting_schedule))) {
-    voting_schedule_recalculate_timing(get_options(), time(NULL));
+    need_to_recalculate_voting_schedule = true;
+    goto done; /* no need for next check if we have to recalculate anyway */
+  }
+
+  /* Also make sure we are not using an outdated voting schedule. If we have a
+   * newer consensus, make sure we recalculate the voting schedule. */
+  const networkstatus_t *ns = networkstatus_get_live_consensus(now);
+  if (ns && ns->valid_after != voting_schedule.live_consensus_valid_after) {
+    log_info(LD_DIR, "Voting schedule is outdated: recalculating (%d/%d)",
+             (int) ns->valid_after,
+             (int) voting_schedule.live_consensus_valid_after);
+    need_to_recalculate_voting_schedule = true;
+  }
+
+ done:
+  if (need_to_recalculate_voting_schedule) {
+    voting_schedule_recalculate_timing(get_options(), now);
    voting_schedule.created_on_demand = 1;
  }
+
  return voting_schedule.interval_starts;
 }

--- a/src/or/voting_schedule.h
+++ b/src/or/voting_schedule.h
@ -43,6 +43,10 @@ typedef struct {
   * timings only for the first vote even though this object was initilized
   * prior to voting. */
  int created_on_demand;
+
+  /** The valid-after time of the last live consensus that filled this voting
+   *  schedule.  It's used to detect outdated voting schedules. */
+  time_t live_consensus_valid_after;
 } voting_schedule_t;

 /* Public API. */