[tor-bugs] #24815 [Core Tor/Tor]: Validate shared random state dates before each voting period
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 17 15:10:15 UTC 2018
#24815: Validate shared random state dates before each voting period
-------------------------------------------------+-------------------------
Reporter: teor | Owner: dgoulet
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.9.1-alpha
Severity: Normal | Resolution:
Keywords: tor-sr, tor-ddos, 031-backport, | Actual Points:
032-backport |
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by asn):
Replying to [comment:8 teor]:
> The bug is in get_state_valid_until_time():
> {{{
> voting_interval = get_voting_interval();
> /* Find the time the current round started. */
> beginning_of_current_round = get_start_time_of_current_round();
>
> /* Find how many rounds are left till the end of the protocol run */
> current_round = (now / voting_interval) % total_rounds;
> rounds_left = total_rounds - current_round;
>
> /* To find the valid-until time now, take the start time of the
current
> * round and add to it the time it takes for the leftover rounds to
> * complete. */
> valid_until = beginning_of_current_round + (rounds_left *
voting_interval);
> }}}
>
> If rounds_left is zero, then valid_until is beginning_of_current_round.
Hmm that was a pretty good hypothesis. However, can `rounds_left` actually
be 0? Due to the modulo in the `current_round` calculation, it's
guaranteed that `current_round` will be between 0 and `total_rounds-1`, so
`rounds_left` can never be 0.
Pretty close, but I think the current bug argument won't work exactly as
is.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24815#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list