Warn when the system clock is set back in time

Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.

2 files changed, 17 insertions, 0 deletions

diff --git a/changes/warn-when-time-goes-backwards b/changes/warn-when-time-goes-backwards
new file mode 100644
index 0000000000..d7e584d9ff
--- /dev/null
+++ b/changes/warn-when-time-goes-backwards
@@ -0,0 +1,5 @@
+  o Minor features (security, clock):
+    - Warn when the system clock is set back in time (when the
+      state file was last written in the future). Tor doesn't know
+      that consensuses have expired if the clock is in the past.
+      Patch by "teor". Implements ticket #17188.
diff --git a/src/or/statefile.c b/src/or/statefile.c
index dd1894beb7..a904c411f4 100644
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -372,6 +372,18 @@ or_state_load(void)
     new_state = or_state_new();
   } else if (contents) {
     log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
+    /* Warn the user if their clock has been set backwards,
+     * they could be tricked into using old consensuses */
+    if (new_state->LastWritten > time(NULL)) {
+      char last_written_str[ISO_TIME_LEN+1];
+      char now_str[ISO_TIME_LEN+1];
+      format_iso_time(last_written_str, new_state->LastWritten),
+      format_iso_time(now_str, time(NULL));
+      log_warn(LD_GENERAL, "Your system clock has been set back in time. "
+               "Tor needs an accurate clock to know when the consensus "
+               "expires. Clock time is %s, state file time is %s.",
+               now_str, last_written_str);
+    }
   } else {
     log_info(LD_GENERAL, "Initialized state");
   }