diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-03-11 13:03:25 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-03-11 23:27:53 -0500 |
| commit | 3a0c6021556abc96f4c610d5e097e3890216595f (patch) | |
| tree | d17c12c463cf9bee5eb88d00caee8521aa45a4a7 | |
| parent | f7a3cdc8f27c2306cf06d742af63846c82ebdc56 (diff) | |
| download | tor-3a0c6021556abc96f4c610d5e097e3890216595f.tar.gz tor-3a0c6021556abc96f4c610d5e097e3890216595f.zip | |
Clarify threat description and avoid negative uptimes.
| -rw-r--r-- | changes/hsdir_assignment | 7 | ||||
| -rw-r--r-- | src/or/rephist.c | 2 |
2 files changed, 5 insertions, 4 deletions
diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment index ba019901ee..5c04b9b9bb 100644 --- a/changes/hsdir_assignment +++ b/changes/hsdir_assignment @@ -2,6 +2,7 @@ - Directory authorities now use data collected from rephist when choosing whether to assign the HSDir flag to relays, instead of trusting the uptime value the relay reports in its descriptor. - This helps prevent an attack where relatively few malaicious - nodes can blackhole any given hidden service. Bugfix on - 0.2.0.10-alpha; fixes bug 2709. + This helps prevent an attack where a small set of nodes with + frequently-changing identity keys can blackhole a hidden service. + (Only authorities need upgrade; others will be fine once they do.) + Bugfix on 0.2.0.10-alpha; fixes bug 2709. diff --git a/src/or/rephist.c b/src/or/rephist.c index 69001de839..e4afe62b67 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -537,7 +537,7 @@ rep_hist_get_uptime(const char *id, time_t when) or_history_t *hist = get_or_history(id); if (!hist) return 0; - if (!hist->start_of_run) + if (!hist->start_of_run || when < hist->start_of_run) return 0; return when - hist->start_of_run; } |