author | Gavin Andresen <gavinandresen@gmail.com> | 2012-08-27 10:22:57 -0400 |
---|---|---|
committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-08-27 19:01:17 +0000 |
commit | e0adf1389774c802a39715b1de76f0b1115eb77f (patch) | |
tree | 0118e8a45d823bfad748a870d36facd03d0fad38 /src/main.cpp | |
parent | 01cc7bf0c5f7ebe0a3cde208edf5fceac9d2e1fb (diff) | |

Special-case the last alert for alert-key-compromised case

Hard-code a special nId=max int alert, to be broadcast if the
alert key is ever compromised. It applies to all versions, never
expires, cancels all previous alerts, and has a fixed message:
  URGENT: Alert key compromised, upgrade required

Variations are not allowed (ignored), so an attacker with
the private key cannot broadcast empty-message nId=max alerts.

Diffstat (limited to 'src/main.cpp')
-rw-r--r-- | src/main.cpp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/main.cpp b/src/main.cpp index 1821576dc5..1860f471da 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1970,6 +1970,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits<int>::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + CRITICAL_BLOCK(cs_mapAlerts) { // Cancel previous alerts |
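
Review bot: the `return false;` inside the `if (nID == maxInt)` block discards a non-conforming max-ID alert without any log line, so a node operator cannot tell it apart from any other ignored alert. The code comment and the commit message both describe such a variation as what an attacker holding the alert key would send, which makes it worth recording; consider emitting a log line before the return, provided the alert's signature has already been verified earlier in `ProcessAlert()` (that part is not visible in this hunk). Two smaller points: the status-bar text is an inline literal in `strStatusBar == "URGENT: Alert key compromised, upgrade required"`, and whoever signs the final alert must match it byte for byte, so a named constant shared by both sides would be safer; and since the diffstat shows all 22 insertions in this one hunk, `std::numeric_limits<int>::max()` depends on `<limits>` already reaching `main.cpp` directly or transitively, which is worth confirming.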