From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 11 Mar 2011 18:03:25 +0000 (-0500)
Subject: Clarify threat description and avoid negative uptimes.
X-Git-Tag: tor-0.2.2.24-alpha~6^2~3^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a0c6021556abc96f4c610d5e097e3890216595f;p=thirdparty%2Ftor.git

Clarify threat description and avoid negative uptimes.
---

diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment
index ba019901ee..5c04b9b9bb 100644
--- a/changes/hsdir_assignment
+++ b/changes/hsdir_assignment
@@ -2,6 +2,7 @@
     - Directory authorities now use data collected from rephist when
       choosing whether to assign the HSDir flag to relays, instead of
       trusting the uptime value the relay reports in its descriptor.
-      This helps prevent an attack where relatively few malaicious
-      nodes can blackhole any given hidden service. Bugfix on
-      0.2.0.10-alpha; fixes bug 2709.
+      This helps prevent an attack where a small set of nodes with
+      frequently-changing identity keys can blackhole a hidden service.
+      (Only authorities need upgrade; others will be fine once they do.)
+      Bugfix on 0.2.0.10-alpha; fixes bug 2709.
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 69001de839..e4afe62b67 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -537,7 +537,7 @@ rep_hist_get_uptime(const char *id, time_t when)
   or_history_t *hist = get_or_history(id);
   if (!hist)
     return 0;
-  if (!hist->start_of_run)
+  if (!hist->start_of_run || when < hist->start_of_run)
     return 0;
   return when - hist->start_of_run;
 }