Actually check for missing protocols and exit as appropriate.

This commit is contained in:
Nick Mathewson 2016-08-19 17:45:08 -04:00
parent cca1e0acff
commit 7f718c46f3

View File

@ -1552,6 +1552,31 @@ networkstatus_set_current_consensus_from_ns(networkstatus_t *c,
} }
#endif //TOR_UNIT_TESTS #endif //TOR_UNIT_TESTS
/** Called when we have received a networkstatus <b>c</b>. If there are
* any _required_ protocols we are missing, log an error and exit
* immediately. If there are any _recommended_ protocols we are missing,
* warn. */
static void
handle_missing_protocol_warning(const networkstatus_t *c,
const or_options_t *options)
{
char *protocol_warning = NULL;
int should_exit = networkstatus_check_required_protocols(c,
!server_mode(options),
&protocol_warning);
if (protocol_warning) {
tor_log(should_exit ? LOG_ERR : LOG_WARN,
LD_GENERAL,
"%s", protocol_warning);
}
if (should_exit) {
tor_assert_nonfatal(protocol_warning);
}
tor_free(protocol_warning);
if (should_exit)
exit(1);
}
/** Try to replace the current cached v3 networkstatus with the one in /** Try to replace the current cached v3 networkstatus with the one in
* <b>consensus</b>. If we don't have enough certificates to validate it, * <b>consensus</b>. If we don't have enough certificates to validate it,
* store it in consensus_waiting_for_certs and launch a certificate fetch. * store it in consensus_waiting_for_certs and launch a certificate fetch.
@ -1595,6 +1620,7 @@ networkstatus_set_current_consensus(const char *consensus,
time_t current_valid_after = 0; time_t current_valid_after = 0;
int free_consensus = 1; /* Free 'c' at the end of the function */ int free_consensus = 1; /* Free 'c' at the end of the function */
int old_ewma_enabled; int old_ewma_enabled;
int checked_protocols_already = 0;
if (flav < 0) { if (flav < 0) {
/* XXXX we don't handle unrecognized flavors yet. */ /* XXXX we don't handle unrecognized flavors yet. */
@ -1610,6 +1636,16 @@ networkstatus_set_current_consensus(const char *consensus,
goto done; goto done;
} }
if (from_cache && !was_waiting_for_certs) {
/* We previously stored this; check _now_ to make sure that version-kills
* really work. This happens even before we check signatures: we did so
* before when we stored this to disk. This does mean an attacker who can
* write to the datadir can make us not start: such an attacker could
* already harm us by replacing our guards, which would be worse. */
checked_protocols_already = 1;
handle_missing_protocol_warning(c, options);
}
if ((int)c->flavor != flav) { if ((int)c->flavor != flav) {
/* This wasn't the flavor we thought we were getting. */ /* This wasn't the flavor we thought we were getting. */
if (require_flavor) { if (require_flavor) {
@ -1735,6 +1771,10 @@ networkstatus_set_current_consensus(const char *consensus,
if (!from_cache && flav == usable_consensus_flavor()) if (!from_cache && flav == usable_consensus_flavor())
control_event_client_status(LOG_NOTICE, "CONSENSUS_ARRIVED"); control_event_client_status(LOG_NOTICE, "CONSENSUS_ARRIVED");
if (!checked_protocols_already) {
handle_missing_protocol_warning(c, options);
}
/* Are we missing any certificates at all? */ /* Are we missing any certificates at all? */
if (r != 1 && dl_certs) if (r != 1 && dl_certs)
authority_certs_fetch_missing(c, now, source_dir); authority_certs_fetch_missing(c, now, source_dir);