aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGavin Andresen <gavinandresen@gmail.com>2012-08-27 10:22:57 -0400
committerGavin Andresen <gavinandresen@gmail.com>2012-08-27 10:22:57 -0400
commitea2fda46c3d12a17ebba07c139b4cd65ea0b63d9 (patch)
treea67b1e81895b1289899efd39653a512e91fa187e
parentd5a52d9b3edaae6c273b732456d98e6b28ed7b31 (diff)
Special-case the last alert for alert-key-compromised case
Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: URGENT: Alert key compromised, upgrade required Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts.
-rw-r--r--src/main.cpp22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp
index e9bd610377..71d425e15f 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -2322,6 +2322,28 @@ bool CAlert::ProcessAlert()
if (!IsInEffect())
return false;
+ // alert.nID=max is reserved for if the alert key is
+ // compromised. It must have a pre-defined message,
+ // must never expire, must apply to all versions,
+ // and must cancel all previous
+ // alerts or it will be ignored (so an attacker can't
+ // send an "everything is OK, don't panic" version that
+ // cannot be overridden):
+ int maxInt = std::numeric_limits<int>::max();
+ if (nID == maxInt)
+ {
+ if (!(
+ nExpiration == maxInt &&
+ nCancel == (maxInt-1) &&
+ nMinVer == 0 &&
+ nMaxVer == maxInt &&
+ setSubVer.empty() &&
+ nPriority == maxInt &&
+ strStatusBar == "URGENT: Alert key compromised, upgrade required"
+ ))
+ return false;
+ }
+
{
LOCK(cs_mapAlerts);
// Cancel previous alerts