diff options
| author | Luke Dashjr <luke-jr+git@utopios.org> | 2012-08-27 19:14:59 +0000 |
|---|---|---|
| committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-08-27 19:14:59 +0000 |
| commit | f08ad34e0c7879d60d854c7014cc788e4268889f (patch) | |
| tree | 4d101e8f8ba21a29026d3992abda8f2348c1c707 /src/main.cpp | |
| parent | 802bc904ba102c19631aa2aad9659df74fe0e07e (diff) | |
| parent | d31e24aeaaf18a4117f23a937614a8bf2679e8a4 (diff) | |
| download | bitcoin-f08ad34e0c7879d60d854c7014cc788e4268889f.tar.xz | |
Merge branch '0.5.x' into 0.6.0.x
Conflicts:
bitcoin-qt.pro
doc/README
doc/README_windows.txt
share/setup.nsi
src/serialize.h
Diffstat (limited to 'src/main.cpp')
| -rw-r--r-- | src/main.cpp | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/src/main.cpp b/src/main.cpp index 7d3432751a..129e09929a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -2168,6 +2168,28 @@ bool CAlert::ProcessAlert() if (!IsInEffect()) return false; + // alert.nID=max is reserved for if the alert key is + // compromised. It must have a pre-defined message, + // must never expire, must apply to all versions, + // and must cancel all previous + // alerts or it will be ignored (so an attacker can't + // send an "everything is OK, don't panic" version that + // cannot be overridden): + int maxInt = std::numeric_limits<int>::max(); + if (nID == maxInt) + { + if (!( + nExpiration == maxInt && + nCancel == (maxInt-1) && + nMinVer == 0 && + nMaxVer == maxInt && + setSubVer.empty() && + nPriority == maxInt && + strStatusBar == "URGENT: Alert key compromised, upgrade required" + )) + return false; + } + CRITICAL_BLOCK(cs_mapAlerts) { // Cancel previous alerts @@ -2780,13 +2802,26 @@ bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv) CAlert alert; vRecv >> alert; - if (alert.ProcessAlert()) + uint256 alertHash = alert.GetHash(); + if (pfrom->setKnown.count(alertHash) == 0) { - // Relay - pfrom->setKnown.insert(alert.GetHash()); - CRITICAL_BLOCK(cs_vNodes) - BOOST_FOREACH(CNode* pnode, vNodes) - alert.RelayTo(pnode); + if (alert.ProcessAlert()) + { + // Relay + pfrom->setKnown.insert(alertHash); + CRITICAL_BLOCK(cs_vNodes) + BOOST_FOREACH(CNode* pnode, vNodes) + alert.RelayTo(pnode); + } + else { + // Small DoS penalty so peers that send us lots of + // duplicate/expired/invalid-signature/whatever alerts + // eventually get banned. + // This isn't a Misbehaving(100) (immediate ban) because the + // peer might be an older or different implementation with + // a different signature key, etc. + pfrom->Misbehaving(10); + } } } |