r14659@catbus: nickm | 2007-08-18 14:19:34 -0400

 When we are loading state info from disk, never believe any date in the future.  Doing so can keep us from retrying guards, rotating onion keys, storing bandwidth info, etc.  Fixes bug 434, and others. Backport candidate, once it has been tested.


svn:r11166

1 files changed, 6 insertions, 0 deletions

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index fd99c0f519..7dcbf71d29 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2465,6 +2465,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
   entry_guard_t *node = NULL;
   smartlist_t *new_entry_guards = smartlist_create();
   config_line_t *line;
+  time_t now = time(NULL);
 
   *msg = NULL;
   for (line = state->EntryGuards; line; line = line->next) {
@@ -2507,6 +2508,11 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
                           "Bad time in EntryGuardDownSince/UnlistedSince");
         break;
       }
+      if (when > now) {
+        /* It's a bad idea to believe info in the future: you can wind
+         * up with timeouts that aren't allowed to happen for years. */
+        continue;
+      }
       if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) {
         /* ignore failure */
         parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try);