summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2018-05-11 18:15:43 -0400
committerNick Mathewson <nickm@torproject.org>2018-05-11 18:15:43 -0400
commitaab626405c312a33d521c9ca3729552fd9ccca2e (patch)
treef4b833bd3818a48b7a642ff5066ca0ec4ccfc0bb /src/or
parentb3e591dca1a7343a49bc949e8f75a242efb7fb72 (diff)
parentde343b4e421c0c651eaac1d52d23c3c792bee73a (diff)
downloadtor-aab626405c312a33d521c9ca3729552fd9ccca2e.tar.gz
tor-aab626405c312a33d521c9ca3729552fd9ccca2e.zip
Merge remote-tracking branch 'catalyst-github/bug25756'
Diffstat (limited to 'src/or')
-rw-r--r--src/or/connection.c8
-rw-r--r--src/or/connection.h7
-rw-r--r--src/or/networkstatus.c71
-rw-r--r--src/or/networkstatus.h2
4 files changed, 62 insertions, 26 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 3462dbeac2..5185b45b14 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -5234,10 +5234,10 @@ connection_free_all(void)
* that we had more faith in and therefore the warning level should have higher
* severity.
*/
-void
-clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted,
- log_domain_mask_t domain, const char *received,
- const char *source)
+MOCK_IMPL(void,
+clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
+ log_domain_mask_t domain, const char *received,
+ const char *source))
{
char dbuf[64];
char *ext_source = NULL, *warn = NULL;
diff --git a/src/or/connection.h b/src/or/connection.h
index a2dce2435f..ad3129c9d8 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -254,9 +254,10 @@ void assert_connection_ok(connection_t *conn, time_t now);
int connection_or_nonopen_was_started_here(or_connection_t *conn);
void connection_dump_buffer_mem_stats(int severity);
-void clock_skew_warning(const connection_t *conn, long apparent_skew,
- int trusted, log_domain_mask_t domain,
- const char *received, const char *source);
+MOCK_DECL(void, clock_skew_warning,
+ (const connection_t *conn, long apparent_skew, int trusted,
+ log_domain_mask_t domain, const char *received,
+ const char *source));
/** Check if a connection is on the way out so the OOS handler doesn't try
* to kill more than it needs. */
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index b7443b4c7a..998eaf74e6 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1733,6 +1733,57 @@ handle_missing_protocol_warning(const networkstatus_t *c,
handle_missing_protocol_warning_impl(c, 1);
}
+/**
+ * Check whether we received a consensus that appears to be coming
+ * from the future. Because we implicitly trust the directory
+ * authorities' idea of the current time, we produce a warning if we
+ * get an early consensus.
+ *
+ * If we got a consensus that is time stamped far in the past, that
+ * could simply have come from a stale cache. Possible ways to get a
+ * consensus from the future can include:
+ *
+ * - enough directory authorities have wrong clocks
+ * - directory authorities collude to produce misleading time stamps
+ * - our own clock is wrong (this is by far the most likely)
+ *
+ * We neglect highly improbable scenarios that involve actual time
+ * travel.
+ */
+STATIC void
+warn_early_consensus(const networkstatus_t *c, const char *flavor,
+ time_t now)
+{
+ char tbuf[ISO_TIME_LEN+1];
+ char dbuf[64];
+ long delta = now - c->valid_after;
+ char *flavormsg = NULL;
+
+/** If a consensus appears more than this many seconds before it could
+ * possibly be a sufficiently-signed consensus, declare that our clock
+ * is skewed. */
+#define EARLY_CONSENSUS_NOTICE_SKEW 60
+
+ /* We assume that if a majority of dirauths have accurate clocks,
+ * the earliest that a dirauth with a skewed clock could possibly
+ * publish a sufficiently-signed consensus is (valid_after -
+ * dist_seconds). Before that time, the skewed dirauth would be
+ * unable to obtain enough authority signatures for the consensus to
+ * be valid. */
+ if (now >= c->valid_after - c->dist_seconds - EARLY_CONSENSUS_NOTICE_SKEW)
+ return;
+
+ format_iso_time(tbuf, c->valid_after);
+ format_time_interval(dbuf, sizeof(dbuf), delta);
+ log_warn(LD_GENERAL, "Our clock is %s behind the time published in the "
+ "consensus network status document (%s UTC). Tor needs an "
+ "accurate clock to work correctly. Please check your time and "
+ "date settings!", dbuf, tbuf);
+ tor_asprintf(&flavormsg, "%s flavor consensus", flavor);
+ clock_skew_warning(NULL, delta, 1, LD_GENERAL, flavormsg, "CONSENSUS");
+ tor_free(flavormsg);
+}
+
/** Try to replace the current cached v3 networkstatus with the one in
* <b>consensus</b>. If we don't have enough certificates to validate it,
* store it in consensus_waiting_for_certs and launch a certificate fetch.
@@ -2035,25 +2086,7 @@ networkstatus_set_current_consensus(const char *consensus,
write_str_to_file(consensus_fname, consensus, 0);
}
-/** If a consensus appears more than this many seconds before its declared
- * valid-after time, declare that our clock is skewed. */
-#define EARLY_CONSENSUS_NOTICE_SKEW 60
-
- if (now < c->valid_after - EARLY_CONSENSUS_NOTICE_SKEW) {
- char tbuf[ISO_TIME_LEN+1];
- char dbuf[64];
- long delta = now - c->valid_after;
- char *flavormsg = NULL;
- format_iso_time(tbuf, c->valid_after);
- format_time_interval(dbuf, sizeof(dbuf), delta);
- log_warn(LD_GENERAL, "Our clock is %s behind the time published in the "
- "consensus network status document (%s UTC). Tor needs an "
- "accurate clock to work correctly. Please check your time and "
- "date settings!", dbuf, tbuf);
- tor_asprintf(&flavormsg, "%s flavor consensus", flavor);
- clock_skew_warning(NULL, delta, 1, LD_GENERAL, flavormsg, "CONSENSUS");
- tor_free(flavormsg);
- }
+ warn_early_consensus(c, flavor, now);
/* We got a new consesus. Reset our md fetch fail cache */
microdesc_reset_outdated_dirservers_list();
diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h
index 6a7a42f911..94f85c3c29 100644
--- a/src/or/networkstatus.h
+++ b/src/or/networkstatus.h
@@ -151,6 +151,8 @@ void vote_routerstatus_free_(vote_routerstatus_t *rs);
#ifdef TOR_UNIT_TESTS
STATIC int networkstatus_set_current_consensus_from_ns(networkstatus_t *c,
const char *flavor);
+STATIC void warn_early_consensus(const networkstatus_t *c, const char *flavor,
+ time_t now);
extern networkstatus_t *current_ns_consensus;
extern networkstatus_t *current_md_consensus;
#endif /* defined(TOR_UNIT_TESTS) */