Don't expand guard sample set unless consensus is "reasonably live"

Fixes what I think is the main root cause of 22400. Bugfix on
0.3.0.1-alpha.

2 files changed, 19 insertions, 0 deletions

diff --git a/changes/bug22400_01 b/changes/bug22400_01
new file mode 100644
index 0000000000..454c5f746f
--- /dev/null
+++ b/changes/bug22400_01
@@ -0,0 +1,4 @@
+  o Major bugfixes (entry guards):
+    - When starting with an old consensus, do not add new entry guards
+      unless the consensus is "reasonably live" (under 1 day old). Fixes
+      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 5b5e13bced..34dfdcef15 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -1104,6 +1104,21 @@ entry_guards_expand_sample(guard_selection_t *gs)
 {
   tor_assert(gs);
   const or_options_t *options = get_options();
+
+  if (gs->type != GS_TYPE_BRIDGE) {
+    networkstatus_t *consensus = networkstatus_get_latest_consensus();
+    time_t now = approx_time();
+    if (consensus == NULL) {
+      log_info(LD_GUARD, "Not expanding the sample guard set; we have "
+               "no consensus.");
+      return NULL;
+    } else if (!networkstatus_consensus_reasonably_live(consensus, now)) {
+      log_info(LD_GUARD, "Not expanding the sample guard set; we have "
+               "a consensus, but it is far too old.");
+      return NULL;
+    }
+  }
+
   int n_sampled = smartlist_len(gs->sampled_entry_guards);
   entry_guard_t *added_guard = NULL;
   int n_usable_filtered_guards = num_reachable_filtered_guards(gs, NULL);