Warn when the system clock is set back in time

Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.

diff --git a/changes/warn-when-time-goes-backwards b/changes/warn-when-time-goes-backwards
new file mode 100644 (file)
index 0000000..d7e584d
--- /dev/null
+++ b/changes/warn-when-time-goes-backwards
@@ -0,0 +1,5 @@
+  o Minor features (security, clock):
+    - Warn when the system clock is set back in time (when the
+      state file was last written in the future). Tor doesn't know
+      that consensuses have expired if the clock is in the past.
+      Patch by "teor". Implements ticket #17188.

diff --git a/src/or/statefile.c b/src/or/statefile.c
index dd1894beb718b6c7c0547b1c36d06f3a98245585..a904c411f4f1d1cc02c4c7839c02146b3d35d697 100644 (file)
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -372,6 +372,18 @@ or_state_load(void)
     new_state = or_state_new();
   } else if (contents) {
     log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
+    /* Warn the user if their clock has been set backwards,
+     * they could be tricked into using old consensuses */
+    if (new_state->LastWritten > time(NULL)) {
+      char last_written_str[ISO_TIME_LEN+1];
+      char now_str[ISO_TIME_LEN+1];
+      format_iso_time(last_written_str, new_state->LastWritten),
+      format_iso_time(now_str, time(NULL));
+      log_warn(LD_GENERAL, "Your system clock has been set back in time. "
+               "Tor needs an accurate clock to know when the consensus "
+               "expires. Clock time is %s, state file time is %s.",
+               now_str, last_written_str);
+    }
   } else {
     log_info(LD_GENERAL, "Initialized state");
   }