authorGavin Andresen <gavinandresen@gmail.com>2012-08-27 10:22:57 -0400
committerLuke Dashjr <luke-jr+git@utopios.org>2012-08-27 19:01:17 +0000
commite0adf1389774c802a39715b1de76f0b1115eb77f (patch)
tree0118e8a45d823bfad748a870d36facd03d0fad38 /src/main.cpp
parent01cc7bf0c5f7ebe0a3cde208edf5fceac9d2e1fb (diff)
Special-case the last alert for alert-key-compromised case
Hard-code a special nId=max int alert, to be broadcast if the alert key is ever compromised. It applies to all versions, never expires, cancels all previous alerts, and has a fixed message: "URGENT: Alert key compromised, upgrade required". Variations are not allowed (ignored), so an attacker with the private key cannot broadcast empty-message nId=max alerts.
Diffstat (limited to 'src/main.cpp')
-rw-r--r--src/main.cpp22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp
index 1821576dc5..1860f471da 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1970,6 +1970,28 @@ bool CAlert::ProcessAlert()
if (!IsInEffect())
return false;
+ // alert.nID=max is reserved for if the alert key is
+ // compromised. It must have a pre-defined message,
+ // must never expire, must apply to all versions,
+ // and must cancel all previous
+ // alerts or it will be ignored (so an attacker can't
+ // send an "everything is OK, don't panic" version that
+ // cannot be overridden):
+ int maxInt = std::numeric_limits<int>::max();
+ if (nID == maxInt)
+ {
+ if (!(
+ nExpiration == maxInt &&
+ nCancel == (maxInt-1) &&
+ nMinVer == 0 &&
+ nMaxVer == maxInt &&
+ setSubVer.empty() &&
+ nPriority == maxInt &&
+ strStatusBar == "URGENT: Alert key compromised, upgrade required"
+ ))
+ return false;
+ }
+
CRITICAL_BLOCK(cs_mapAlerts)
{
// Cancel previous alerts
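Review bot: The new guard constrains only alerts whose `nID` equals `maxInt`, so an alert signed with the same key that carries a different `nID` and `nCancel == maxInt` passes this block unchecked. Whether such an alert can cancel the reserved one depends on the logic under `// Cancel previous alerts`, which continues outside the hunk. If that logic matches IDs with a `<= nCancel` comparison, the "cannot be overridden" property stated in the comment would not hold; a check such as `if (nID != maxInt && nCancel == maxInt) return false;`, plus the equivalent for any explicit cancel set, would enforce it here. Separately, `nExpiration == maxInt` pins the expiry to the `int` limit rather than to "never", so the comment would be more accurate as `// must use the maximum int expiration`. ProcessAlert's body starts and ends outside the hunk.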