Merge branch 'ticket31343_029' into ticket31343_035

bc9492a9 · Nick Mathewson · 1dd95278 · 0849d2a2 · bc9492a9 · bc9492a9
Commit bc9492a9 authored Aug 06, 2019 by Nick Mathewson 🏃
--- a/changes/bug31343
+++ b/changes/bug31343
+  o Minor bugfixes (compilation):
+    - Avoid using labs() on time_t, which can cause compilation warnings
+      on 64-bit Windows builds.  Fixes bug 31343; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (clock skew detection):
+    - Don't believe clock skew results from NETINFO cells that appear to
+      arrive before the VERSIONS cells they are responding to were sent.
+      Previously, we would accept them up to 3 minutes "in the past".
+      Fixes bug 31343; bugfix on 0.2.4.4-alpha.
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -1637,7 +1637,19 @@ channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan)
 }

 /**
- * Process a 'netinfo' cell.
+ * Helper: compute the absolute value of a time_t.
+ *
+ * (we need this because labs() doesn't always work for time_t, since
+ * long can be shorter than time_t.)
+ */
+static inline time_t
+time_abs(time_t val)
+{
+  return (val < 0) ? -val : val;
+}
+
+/**
+ * Process a 'netinfo' cell
 *
 * This function is called to handle an incoming NETINFO cell; read and act
 * on its contents, and set the connection state to "open".
@@ -1654,7 +1666,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
  time_t now = time(NULL);
  const routerinfo_t *me = router_get_my_routerinfo();

-  long apparent_skew = 0;
+  time_t apparent_skew = 0;
  tor_addr_t my_apparent_addr = TOR_ADDR_NULL;
  int started_here = 0;
  const char *identity_digest = NULL;
@@ -1721,7 +1733,11 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)

  /* Decode the cell. */
  timestamp = ntohl(get_uint32(cell->payload));
-  if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) {
+  const time_t sent_versions_at =
+    chan->conn->handshake_state->sent_versions_at;
+  if (now > sent_versions_at && (now - sent_versions_at) < 180) {
+    /* If we have gotten the NETINFO cell reasonably soon after having
+     * sent our VERSIONS cell, maybe we can learn skew information from it. */
    apparent_skew = now - timestamp;
  }

@@ -1801,7 +1817,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
  /* Act on apparent skew. */
  /** Warn when we get a netinfo skew with at least this value. */
 #define NETINFO_NOTICE_SKEW 3600
-  if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
+  if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW &&
      (started_here ||
       connection_or_digest_is_known_relay(chan->conn->identity_digest))) {
    int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);