#24815: Validate shared random state dates before each voting period
 Reporter:  teor                                 |          Owner:  dgoulet
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-sr, tor-ddos, 031-backport,      |  Actual Points:
  032-backport                                   |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
Changes (by teor):

 * status:  needs_information => new
 * keywords:  tor-sr, tor-ddos => tor-sr, tor-ddos, 031-backport,


 I had a quick look.
 This warning:
 [info] disk_state_validate: SR: Disk state valid after/until times are
 happens when:
   /* Make sure we don't have a valid after time that is earlier than a
    * until time which would make things not work well. */
   if (state->ValidAfter >= state->ValidUntil) {
     log_info(LD_DIR, "SR: Disk state valid after/until times are
     goto invalid;

 The bug is in get_state_valid_until_time():
   voting_interval = get_voting_interval();
   /* Find the time the current round started. */
   beginning_of_current_round = get_start_time_of_current_round();

   /* Find how many rounds are left till the end of the protocol run */
   current_round = (now / voting_interval) % total_rounds;
   rounds_left = total_rounds - current_round;

   /* To find the valid-until time now, take the start time of the current
    * round and add to it the time it takes for the leftover rounds to
    * complete. */
   valid_until = beginning_of_current_round + (rounds_left *

 If rounds_left is zero, then valid_until is beginning_of_current_round.
 But ValidAfter is set to now in disk_state_new(), which can be after

 This is probably a backport candidate, because if all the authorities ever
 have to restart near the end of a SR cycle, we could lose the SR for that
 cycle. Fortunately, it only affects voting, so we don't have to worry
 about breaking consensus.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24815#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to