Merge commit 'karsten/fix-1066-3'

2 files changed, 18 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index c5fc5f2ab8..f2d282fda4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,10 @@ Changes in version 0.2.2.6-alpha - 2009-10-??
       have degraded client bootstrapping.  Bugfix on 0.2.0.10-alpha.
       Spotted and fixed by xmux.
     - Fix numerous small code-flaws found by Coverity Scan Rung 3.
+    - If all authorities restart at once right before a consensus vote,
+      nobody will vote about "Running", and clients will get a consensus
+      with no usable relays. Instead, authorities refuse to build a
+      consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
 
 
 Changes in version 0.2.2.5-alpha - 2009-10-11
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index 5ce3fd2ca7..65d7c477eb 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -2304,7 +2304,7 @@ static int
 dirvote_compute_consensuses(void)
 {
   /* Have we got enough votes to try? */
-  int n_votes, n_voters;
+  int n_votes, n_voters, n_vote_running = 0;
   smartlist_t *votes = NULL, *votestrings = NULL;
   char *consensus_body = NULL, *signatures = NULL, *votefile;
   networkstatus_t *consensus = NULL;
@@ -2324,6 +2324,19 @@ dirvote_compute_consensuses(void)
              "%d of %d", n_votes, n_voters/2);
     goto err;
   }
+  tor_assert(pending_vote_list);
+  SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, {
+    if (smartlist_string_isin(v->vote->known_flags, "Running"))
+      n_vote_running++;
+  });
+  if (!n_vote_running) {
+    /* See task 1066. */
+    log_warn(LD_DIR, "Nobody has voted on the Running flag. Generating "
+                     "and publishing a consensus without Running nodes "
+                     "would make many clients stop working. Not "
+                     "generating a consensus!");
+    goto err;
+  }
 
   if (!(my_cert = get_my_v3_authority_cert())) {
     log_warn(LD_DIR, "Can't generate consensus without a certificate.");