diff options
author | Gavin Andresen <gavinandresen@gmail.com> | 2012-08-27 10:22:57 -0400 |
---|---|---|
committer | Gavin Andresen <gavinandresen@gmail.com> | 2012-08-27 10:22:57 -0400 |
commit | ea2fda46c3d12a17ebba07c139b4cd65ea0b63d9 (patch) | |
tree | a67b1e81895b1289899efd39653a512e91fa187e | |
parent | d5a52d9b3edaae6c273b732456d98e6b28ed7b31 (diff) |
Special-case the last alert for alert-key-compromised case
Hard-code a special nId=max int alert, to be broadcast if the
alert key is ever compromised. It applies to all versions, never
expires, cancels all previous alerts, and has a fixed message:
URGENT: Alert key compromised, upgrade required
Variations are not allowed (ignored), so an attacker with
the private key cannot broadcast empty-message nId=max alerts.
-rw-r--r-- | src/main.cpp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp index e9bd610377..71d425e15f 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits<int>::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + { LOCK(cs_mapAlerts); // Cancel previous alerts |