author | Nick Mathewson <nickm@torproject.org> | 2018-03-20 12:54:51 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-03-20 12:54:51 -0400 |
commit | b06997914207c7877f09736bebb9e500019a0555 (patch) | |
tree | f8ca57af7a33a80c5e098e99ebfcbfe6d4f9b282 /src/or/hs_service.c | |
parent | 74c767af29e793749e697eba8a206850b156521e (diff) | |
parent | 5804ccc9070dc5443f1c6ce565dbf17572812764 (diff) | |
Merge branch 'bug25306_032_01_squashed_v2' into maint-0.3.3
Diffstat (limited to 'src/or/hs_service.c')
-rw-r--r-- | src/or/hs_service.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/src/or/hs_service.c b/src/or/hs_service.c
index 8ae00df48e..169ba0dfc5 100644
--- a/src/or/hs_service.c
+++ b/src/or/hs_service.c
@@ -1513,7 +1513,9 @@ build_all_descriptors(time_t now)
 * empty, we'll try to build it for the next time period. This only
 * happens when we rotate meaning that we are guaranteed to have a new SRV
 * at that point for the next time period. */
- tor_assert(service->desc_current);
+ if (BUG(service->desc_current == NULL)) {
+ continue;
+ }
 if (service->desc_next == NULL) {
 build_service_descriptor(service, now, hs_get_next_time_period_num(0),
@@ -1930,6 +1932,31 @@ should_rotate_descriptors(hs_service_t *service, time_t now)
 }
 if (ns->valid_after >= service->state.next_rotation_time) {
+ /* In theory, we should never get here with no descriptors. We can never
+ * have a NULL current descriptor except when tor starts up. The next
+ * descriptor can be NULL after a rotation but we build a new one right
+ * after.
+ *
+ * So, when tor starts, the next rotation time is set to the start of the
+ * next SRV period using the consensus valid after time so it should
+ * always be set to a future time value. This means that we should never
+ * reach this point at bootup that is this check safeguards tor in never
+ * allowing a rotation if the valid after time is smaller than the next
+ * rotation time.
+ *
+ * This is all good in theory but we've had a NULL descriptor issue here
+ * so this is why we BUG() on both with extra logging to try to understand
+ * how this can possibly happens. We'll simply ignore and tor should
+ * recover from this by skipping rotation and building the missing
+ * descriptors just after this. */
+ if (BUG(service->desc_current == NULL || service->desc_next == NULL)) {
+ log_warn(LD_BUG, "Service descriptor is NULL (%p/%p). Next rotation "
+ "time is %ld (now: %ld). Valid after time from "
+ "consensus is %ld",
+ service->desc_current, service->desc_next,
+ service->state.next_rotation_time, now, ns->valid_after);
+ goto no_rotation;
+ }
 goto rotation;
 }
@@ -1982,9 +2009,6 @@ rotate_all_descriptors(time_t now)
 continue;
 }
- tor_assert(service->desc_current);
- tor_assert(service->desc_next);
-
 log_info(LD_REND, "Time to rotate our descriptors (%p / %p) for %s",
 service->desc_current, service->desc_next,
 safe_str_client(service->onion_address)); |
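Review bot: The added `log_warn()` in should_rotate_descriptors() prints `now` (a `time_t`, per the signature in the hunk header) and two other time values with `%ld`; on targets where `time_t` and `long` differ in width (some 32-bit and LLP64 builds) that is a varargs type mismatch, so the diagnostic added to explain the NULL-descriptor bug can itself print wrong values. The types of `service->state.next_rotation_time` and `ns->valid_after` are not visible here, but they are presumably `time_t` as well. Casting at the call site keeps the format string valid on every platform: `(long)service->state.next_rotation_time, (long)now, (long)ns->valid_after);`. The rest of the function body and the `no_rotation` label are outside the hunk, so the recovery path the comment describes cannot be checked from here.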