r14659@catbus: nickm | 2007-08-18 14:19:34 -0400

 When we are loading state info from disk, never believe any date in the future.  Doing so can keep us from retrying guards, rotating onion keys, storing bandwidth info, etc.  Fixes bug 434, and others. Backport candidate, once it has been tested.


svn:r11166

1 files changed, 6 insertions, 2 deletions

diff --git a/src/or/router.c b/src/or/router.c
index 135c115d1d..2c165a7aa8 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -332,6 +332,7 @@ init_keys(void)
   or_options_t *options = get_options();
   or_state_t *state = get_or_state();
   authority_type_t type;
+  time_t now = time(NULL);
 
   if (!key_lock)
     key_lock = tor_mutex_new();
@@ -389,14 +390,17 @@ init_keys(void)
   prkey = init_key_from_file(keydir, 1, LOG_ERR);
   if (!prkey) return -1;
   set_onion_key(prkey);
-  if (state->LastRotatedOnionKey > 100) { /* allow for some parsing slop. */
+  if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
+    /* We allow for some parsing slop, but we don't want to risk accepting
+     * values in the distant future.  If we did, we might never rotate the
+     * onion key. */
     onionkey_set_at = state->LastRotatedOnionKey;
   } else {
     /* We have no LastRotatedOnionKey set; either we just created the key
      * or it's a holdover from 0.1.2.4-alpha-dev or earlier.  In either case,
      * start the clock ticking now so that we will eventually rotate it even
      * if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
-    state->LastRotatedOnionKey = onionkey_set_at = time(NULL);
+    state->LastRotatedOnionKey = onionkey_set_at = now;
     or_state_mark_dirty(state, options->AvoidDiskWrites ? time(NULL)+3600 : 0);
   }