[tor-commits] [tor/master] Clarify threat description and avoid negative uptimes.
nickm at torproject.org
nickm at torproject.org
Sat Mar 12 04:35:12 UTC 2011
commit 3a0c6021556abc96f4c610d5e097e3890216595f
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Mar 11 13:03:25 2011 -0500
Clarify threat description and avoid negative uptimes.
---
changes/hsdir_assignment | 7 ++++---
src/or/rephist.c | 2 +-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment
index ba01990..5c04b9b 100644
--- a/changes/hsdir_assignment
+++ b/changes/hsdir_assignment
@@ -2,6 +2,7 @@
- Directory authorities now use data collected from rephist when
choosing whether to assign the HSDir flag to relays, instead of
trusting the uptime value the relay reports in its descriptor.
- This helps prevent an attack where relatively few malaicious
- nodes can blackhole any given hidden service. Bugfix on
- 0.2.0.10-alpha; fixes bug 2709.
+ This helps prevent an attack where a small set of nodes with
+ frequently-changing identity keys can blackhole a hidden service.
+ (Only authorities need upgrade; others will be fine once they do.)
+ Bugfix on 0.2.0.10-alpha; fixes bug 2709.
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 69001de..e4afe62 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -537,7 +537,7 @@ rep_hist_get_uptime(const char *id, time_t when)
or_history_t *hist = get_or_history(id);
if (!hist)
return 0;
- if (!hist->start_of_run)
+ if (!hist->start_of_run || when < hist->start_of_run)
return 0;
return when - hist->start_of_run;
}
More information about the tor-commits
mailing list